Overview

overview

7

Static

static

3

c5b6e2c127...b9.exe

windows7-x64

7

c5b6e2c127...b9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-03-2024 11:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c5b6e2c127175014cc1fe7196f6342b9.exe

  • Size

    903KB

  • MD5

    c5b6e2c127175014cc1fe7196f6342b9

  • SHA1

    87b1cfad04457a87b17273d4913e52fec5e0f01f

  • SHA256

    dc792fb8d8b6769e0fc297b6c054b7c2a4923bd51d25073997a0aca13236c932

  • SHA512

    9b93cfabd868b6b991715fdff76efa5ff8801adbd6e733c63a8a7f5bfcea09ce6000d7fe17e4035edd828ae443dcbbaaca4284298f27b2af98714b89a228d4d6

  • SSDEEP

    12288:CRpKKXuXjdhrSsqpNVZzFk5ecAIFZEciLEs14dL+ujs/crizjb9C0EG+tDS0sG78:cp3XU03pvXcTWu+ujlib1qh8

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5b6e2c127175014cc1fe7196f6342b9.exe
    "C:\Users\Admin\AppData\Local\Temp\c5b6e2c127175014cc1fe7196f6342b9.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2952
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4032 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2324

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\E_N4\eAPI.fne
      Filesize

      328KB

      MD5

      cbd788f4c71b9776660d6e8473ae0e09

      SHA1

      0189cd47bfa5d1cac0d7f1a33953d279f60b02bf

      SHA256

      db0a6d7b75503daaf93c8e62ce67abd3afd57daaef4a448ec25a43d1de69e47e

      SHA512

      84bc02c67e3a3a9f77418b25afe7ec55e5bb5ca5a6c05503d94dffa57a30c7608e79bb4f83fe91c39ccce16872df2b3f9e7e5a8eafb4f563b1f961b93e9b8c94

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
      Filesize

      1.1MB

      MD5

      638e737b2293cf7b1f14c0b4fb1f3289

      SHA1

      f8e2223348433b992a8c42c4a7a9fb4b5c1158bc

      SHA256

      baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

      SHA512

      4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

      Download Submit

    • memory/2952-0-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2952-2-0x0000000000510000-0x0000000000511000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2952-1-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2952-16-0x0000000002990000-0x00000000029F1000-memory.dmp

      Filesize

      388KB

      Download

    • memory/2952-20-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2952-21-0x0000000000510000-0x0000000000511000-memory.dmp

      Filesize

      4KB

      Download