ed5e0ad33943eb52913930b6022114bcfd5b6e9a405abf9114f3f39325f52a86

Analysis

max time kernel
139s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8f8b2a24b88636c12ddc88504f780d0.exe
Size

24KB
MD5

c8f8b2a24b88636c12ddc88504f780d0
SHA1

85bb7d03ef9949dc3a4d26bbe8f859669fb91139
SHA256

ed5e0ad33943eb52913930b6022114bcfd5b6e9a405abf9114f3f39325f52a86
SHA512

88173f23ee3e57afffec591d2f7762833bc991707a39f78e5e3c934826d6cf523157db7997cb483ee7f76bf5d0d32b455805887c04d16bf0924b8378f4fd8d3b
SSDEEP

192:/TzYzToraXUF3MzprAadD94AANgOJf8SKwEm+UwcJG:/TEwraXUF8pPdD94M+KwEm+UwJ

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\system32\drivers\etc\hosts	win32.exe

Deletes itself 1 IoCs

pid	Process
4556	win32.exe

Executes dropped EXE 1 IoCs

pid	Process
4556	win32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3672	svchost.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4520	c8f8b2a24b88636c12ddc88504f780d0.exe
4556	win32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 4556	4520	c8f8b2a24b88636c12ddc88504f780d0.exe	91
PID 4520 wrote to memory of 4556	4520	c8f8b2a24b88636c12ddc88504f780d0.exe	91
PID 4520 wrote to memory of 4556	4520	c8f8b2a24b88636c12ddc88504f780d0.exe	91

C:\Users\Admin\AppData\Local\Temp\c8f8b2a24b88636c12ddc88504f780d0.exe
"C:\Users\Admin\AppData\Local\Temp\c8f8b2a24b88636c12ddc88504f780d0.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Users\Admin\AppData\Local\Temp\win32.exe
  C:\Users\Admin\AppData\Local\Temp\win32.exe C:\Users\Admin\AppData\Local\Temp\c8f8b2a24b88636c12ddc88504f780d0.exe
  2⤵
  - Drops file in Drivers directory
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4556

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:228

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
9a908631e2e90b0a5670d3750b97be44

SHA1
c9f33a7cf3228ccad6838b394b6b89724ad7f59c

SHA256
d01df7e8282281555feea1a13f74b32ae7bd9ea5b3f06ad747288625a1dd98a0

SHA512
825f86552aa8928ae5708760070e9be5e2d0658ea9ec73a377816b195c1e94022067adc08752e6545902542d8e60d0c7ba81d0a2ed1f7e9849100d96983dec01

Download Submit
C:\Users\Admin\AppData\Local\Temp\win32.exe

Filesize
24KB

MD5
c8f8b2a24b88636c12ddc88504f780d0

SHA1
85bb7d03ef9949dc3a4d26bbe8f859669fb91139

SHA256
ed5e0ad33943eb52913930b6022114bcfd5b6e9a405abf9114f3f39325f52a86

SHA512
88173f23ee3e57afffec591d2f7762833bc991707a39f78e5e3c934826d6cf523157db7997cb483ee7f76bf5d0d32b455805887c04d16bf0924b8378f4fd8d3b

Download Submit
memory/3672-51-0x000002B231C60000-0x000002B231C61000-memory.dmp

Filesize
4KB

Download
memory/3672-52-0x000002B231C60000-0x000002B231C61000-memory.dmp

Filesize
4KB

Download
memory/3672-43-0x000002B231C60000-0x000002B231C61000-memory.dmp

Filesize
4KB

Download
memory/3672-44-0x000002B231C60000-0x000002B231C61000-memory.dmp

Filesize
4KB

Download
memory/3672-45-0x000002B231C60000-0x000002B231C61000-memory.dmp

Filesize
4KB

Download
memory/3672-46-0x000002B231C60000-0x000002B231C61000-memory.dmp

Filesize
4KB

Download
memory/3672-47-0x000002B231C60000-0x000002B231C61000-memory.dmp

Filesize
4KB

Download
memory/3672-48-0x000002B231C60000-0x000002B231C61000-memory.dmp

Filesize
4KB

Download
memory/3672-49-0x000002B231C60000-0x000002B231C61000-memory.dmp

Filesize
4KB

Download
memory/3672-53-0x000002B231890000-0x000002B231891000-memory.dmp

Filesize
4KB

Download
memory/3672-42-0x000002B231C40000-0x000002B231C41000-memory.dmp

Filesize
4KB

Download
memory/3672-26-0x000002B229650000-0x000002B229660000-memory.dmp

Filesize
64KB

Download
memory/3672-50-0x000002B231C60000-0x000002B231C61000-memory.dmp

Filesize
4KB

Download
memory/3672-54-0x000002B231880000-0x000002B231881000-memory.dmp

Filesize
4KB

Download
memory/3672-56-0x000002B231890000-0x000002B231891000-memory.dmp

Filesize
4KB

Download
memory/3672-59-0x000002B231880000-0x000002B231881000-memory.dmp

Filesize
4KB

Download
memory/3672-62-0x000002B2317C0000-0x000002B2317C1000-memory.dmp

Filesize
4KB

Download
memory/3672-10-0x000002B229550000-0x000002B229560000-memory.dmp

Filesize
64KB

Download
memory/3672-74-0x000002B2319C0000-0x000002B2319C1000-memory.dmp

Filesize
4KB

Download
memory/3672-76-0x000002B2319D0000-0x000002B2319D1000-memory.dmp

Filesize
4KB

Download
memory/3672-77-0x000002B2319D0000-0x000002B2319D1000-memory.dmp

Filesize
4KB

Download
memory/3672-78-0x000002B231AE0000-0x000002B231AE1000-memory.dmp

Filesize
4KB

Download