c09f66feda1ec50b90083001b2bafd0da5305814f06315f45908ad185ffff2c4

Analysis

max time kernel
70s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 07:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c80ac7fd36d2a530d236883aa208f109.exe
Size

885KB
MD5

c80ac7fd36d2a530d236883aa208f109
SHA1

b9a5602cf794e19048127dda53597c1ce14ce897
SHA256

c09f66feda1ec50b90083001b2bafd0da5305814f06315f45908ad185ffff2c4
SHA512

91579252ef42b95269141c03c760b7b8d3f9f41b623d3abf51511822ba0fb595b79eb7a986de04b13d266d417523526fec28ddcc85e99ff9c2ae9c3e24007d4f
SSDEEP

24576:vqykjjSlAwD73v+3edhds3c9RfOXPSKrH2njzPjd:vDplAw3f0wIsffaSKrH2jN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2644	8700_100.exe

Loads dropped DLL 1 IoCs

pid	Process
1912	c80ac7fd36d2a530d236883aa208f109.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: 33	1912	c80ac7fd36d2a530d236883aa208f109.exe
Token: SeIncBasePriorityPrivilege	1912	c80ac7fd36d2a530d236883aa208f109.exe
Token: 33	1912	c80ac7fd36d2a530d236883aa208f109.exe
Token: SeIncBasePriorityPrivilege	1912	c80ac7fd36d2a530d236883aa208f109.exe
Token: 33	1912	c80ac7fd36d2a530d236883aa208f109.exe
Token: SeIncBasePriorityPrivilege	1912	c80ac7fd36d2a530d236883aa208f109.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe
Token: 33	2644	8700_100.exe
Token: SeIncBasePriorityPrivilege	2644	8700_100.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2644	1912	c80ac7fd36d2a530d236883aa208f109.exe	28
PID 1912 wrote to memory of 2644	1912	c80ac7fd36d2a530d236883aa208f109.exe	28
PID 1912 wrote to memory of 2644	1912	c80ac7fd36d2a530d236883aa208f109.exe	28
PID 1912 wrote to memory of 2644	1912	c80ac7fd36d2a530d236883aa208f109.exe	28

C:\Users\Admin\AppData\Local\Temp\c80ac7fd36d2a530d236883aa208f109.exe
"C:\Users\Admin\AppData\Local\Temp\c80ac7fd36d2a530d236883aa208f109.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1912
- \DEVICE\HARDDISKVOLUME2\Users\Admin\AppData\Local\Xenocode\Sandbox\1.0.0.0\2011.05.17T21.04\Virtual\STUBEXE\8.0.1112\@APPDATALOCAL@\Temp\8700_100.exe
  "C:\Users\Admin\AppData\Local\Temp\8700_100.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Xenocode\Sandbox\1.0.0.0\2011.05.17T21.04\Virtual\STUBEXE\8.0.1112\@APPDATALOCAL@\Temp\8700_100.exe

Filesize
17KB

MD5
00ddbb46cbfb40619d89f23c717dc6fe

SHA1
cc56bb4628d978493942e39e140b07ac27d9a1f6

SHA256
3e18d5c1c5e27b1f359c161e90665e921a32dd461699ed762a4582291428067a

SHA512
aa1497729477df5651fd27b1bebf47d89aba4e523dccfacc3f015ff2f7bcd52461b028cd9b55c125e0ecca03d931d60a6c01d74eae21596f42eda367285814ab

Download Submit
memory/1912-6-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download
memory/1912-1-0x0000000076FB0000-0x0000000076FB1000-memory.dmp

Filesize
4KB

Download
memory/1912-3-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1912-5-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download
memory/1912-7-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download
memory/1912-18-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/1912-4-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download
memory/1912-8-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/1912-9-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/1912-2-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download
memory/1912-11-0x00000000033B0000-0x0000000003411000-memory.dmp

Filesize
388KB

Download
memory/1912-0-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-59-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-333-0x0000000002580000-0x00000000025F2000-memory.dmp

Filesize
456KB

Download
memory/2644-21-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-19-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-23-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-17-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2644-25-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-27-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-29-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-31-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-33-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-35-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-37-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-39-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-41-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-43-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-45-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-47-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-49-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-51-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-53-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-55-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-57-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-16-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-61-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-63-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-65-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-67-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-69-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-71-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-73-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-20-0x00000000022A0000-0x0000000002312000-memory.dmp

Filesize
456KB

Download
memory/2644-648-0x0000000002870000-0x00000000028E2000-memory.dmp

Filesize
456KB

Download
memory/2644-961-0x0000000002B80000-0x0000000002BF2000-memory.dmp

Filesize
456KB

Download
memory/2644-1275-0x0000000002E50000-0x0000000002EC2000-memory.dmp

Filesize
456KB

Download
memory/2644-1589-0x0000000003150000-0x00000000031C2000-memory.dmp

Filesize
456KB

Download
memory/2644-1903-0x0000000003350000-0x00000000033C2000-memory.dmp

Filesize
456KB

Download
memory/2644-2217-0x0000000000470000-0x00000000004E2000-memory.dmp

Filesize
456KB

Download
memory/2644-2218-0x0000000003470000-0x00000000034E2000-memory.dmp

Filesize
456KB

Download
memory/2644-2533-0x0000000003710000-0x0000000003782000-memory.dmp

Filesize
456KB

Download
memory/2644-2847-0x0000000003BC0000-0x0000000003C32000-memory.dmp

Filesize
456KB

Download
memory/2644-3158-0x00000000022A0000-0x0000000002312000-memory.dmp

Filesize
456KB

Download
memory/2644-3163-0x0000000003ED0000-0x0000000003F42000-memory.dmp

Filesize
456KB

Download
memory/2644-3162-0x0000000002580000-0x00000000025F2000-memory.dmp

Filesize
456KB

Download
memory/2644-3165-0x0000000002870000-0x00000000028E2000-memory.dmp

Filesize
456KB

Download
memory/2644-3460-0x0000000002B80000-0x0000000002BF2000-memory.dmp

Filesize
456KB

Download
memory/2644-3480-0x0000000002E50000-0x0000000002EC2000-memory.dmp

Filesize
456KB

Download
memory/2644-3481-0x0000000004270000-0x00000000042E2000-memory.dmp

Filesize
456KB

Download
memory/2644-3482-0x0000000003150000-0x00000000031C2000-memory.dmp

Filesize
456KB

Download
memory/2644-3484-0x0000000003350000-0x00000000033C2000-memory.dmp

Filesize
456KB

Download
memory/2644-3798-0x0000000003470000-0x00000000034E2000-memory.dmp

Filesize
456KB

Download
memory/2644-3799-0x0000000004530000-0x00000000045A2000-memory.dmp

Filesize
456KB

Download
memory/2644-3800-0x0000000003710000-0x0000000003782000-memory.dmp

Filesize
456KB

Download
memory/2644-3802-0x0000000003BC0000-0x0000000003C32000-memory.dmp

Filesize
456KB

Download
memory/2644-3803-0x0000000003ED0000-0x0000000003F42000-memory.dmp

Filesize
456KB

Download
memory/2644-4118-0x0000000004840000-0x00000000048B2000-memory.dmp

Filesize
456KB

Download
memory/2644-4119-0x0000000004270000-0x00000000042E2000-memory.dmp

Filesize
456KB

Download
memory/2644-4122-0x0000000004530000-0x00000000045A2000-memory.dmp

Filesize
456KB

Download
memory/2644-4325-0x0000000004840000-0x00000000048B2000-memory.dmp

Filesize
456KB

Download
memory/2644-4439-0x0000000004AE0000-0x0000000004B52000-memory.dmp

Filesize
456KB

Download
memory/2644-4444-0x0000000004AE0000-0x0000000004B52000-memory.dmp

Filesize
456KB

Download