e608f1e9a06f9ff00378968f616242eb3e09b8d22481c8d99d9ae9bf1d26c0a6

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 08:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5622bb285f1f184c7f35caef783a653.exe
Size

31KB
MD5

c5622bb285f1f184c7f35caef783a653
SHA1

1cbdac48ca02def130dbb9aa2d9a42c9320d4151
SHA256

e608f1e9a06f9ff00378968f616242eb3e09b8d22481c8d99d9ae9bf1d26c0a6
SHA512

988e248e8d3bec013f02212fcc1714c1ed3c3b33a41092dea6f9e828815e51a783c8335c5b09e3e5790eafc49657e8bf00bfd8b94960591896641dd284dd194f
SSDEEP

768:WKu4EIgI2EDTUtljOomhozhACKf3C0VW+RXu5SEAOXCJsLxcY:n/EETuxOwzKCK/Kue5SEAGOY

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3932	c5622bb285f1f184c7f35caef783a653.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\jkkIASiJ.dll	c5622bb285f1f184c7f35caef783a653.exe
File created	C:\Windows\SysWOW64\jkkIASiJ.dll	c5622bb285f1f184c7f35caef783a653.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3932	c5622bb285f1f184c7f35caef783a653.exe
3932	c5622bb285f1f184c7f35caef783a653.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3932	c5622bb285f1f184c7f35caef783a653.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3932	c5622bb285f1f184c7f35caef783a653.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 620	3932	c5622bb285f1f184c7f35caef783a653.exe	5
PID 3932 wrote to memory of 2556	3932	c5622bb285f1f184c7f35caef783a653.exe	109
PID 3932 wrote to memory of 2556	3932	c5622bb285f1f184c7f35caef783a653.exe	109
PID 3932 wrote to memory of 2556	3932	c5622bb285f1f184c7f35caef783a653.exe	109
PID 3932 wrote to memory of 4040	3932	c5622bb285f1f184c7f35caef783a653.exe	110
PID 3932 wrote to memory of 4040	3932	c5622bb285f1f184c7f35caef783a653.exe	110
PID 3932 wrote to memory of 4040	3932	c5622bb285f1f184c7f35caef783a653.exe	110

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\c5622bb285f1f184c7f35caef783a653.exe
"C:\Users\Admin\AppData\Local\Temp\c5622bb285f1f184c7f35caef783a653.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe ,a
  2⤵
  PID:2556
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\removalfile.bat "C:\Users\Admin\AppData\Local\Temp\c5622bb285f1f184c7f35caef783a653.exe"
  2⤵
  PID:4040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4324 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:4368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\removalfile.bat

Filesize
43B

MD5
9a7ef09167a6f4433681b94351509043

SHA1
259b1375ed8e84943ca1d42646bb416325c89e12

SHA256
d5739a0510d89da572eb0b0d394d4fb4dd361cd9ee0144b9b31c590df93c3be7

SHA512
96b84cd88a0e4b7c1122af3ed6ce5edf0a9a4e9bf79575eadfac16b2c46f1278d57755d29f21d7c6dcb4403be24b7ac7da4837c6cc9c602342a8f2b8e54883df

Download Submit
C:\Windows\SysWOW64\jkkIASiJ.dll

Filesize
24KB

MD5
6934b0115adb7d5274e636e20a273230

SHA1
d413c3cf209080b42b7231eeda22ca1b90c79725

SHA256
ab0be01bce1f86ed28d57ea621be3672671837f5c81468052b2ce8bf182104f3

SHA512
7c634621ae6f8ffaaad49338ee0bc8817c9c4672388b330b73b60e8db4e2bc117101619ab38a15362472e74001bcccc9ae23b24b6d6434c9a2b4dae333a9c1be

Download Submit
memory/3932-1-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3932-0-0x0000000002160000-0x0000000002167000-memory.dmp

Filesize
28KB

Download
memory/3932-7-0x0000000002160000-0x0000000002165000-memory.dmp

Filesize
20KB

Download
memory/3932-8-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/3932-10-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/3932-11-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/3932-13-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/3932-15-0x0000000002160000-0x0000000002165000-memory.dmp

Filesize
20KB

Download
memory/3932-14-0x0000000002160000-0x0000000002167000-memory.dmp

Filesize
28KB

Download