52104d3d55eea30c34424fc7df94bea2df81d0ace2a579f814bcd743ae345841

Analysis

max time kernel
42s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wfilmorav13060-zmco.exe
Size

32.1MB
MD5

b26a4b5fb6fc09689ffcc83ad1635c17
SHA1

7c047e6d2fb7a55f583d41ec6484b62300a2a683
SHA256

52104d3d55eea30c34424fc7df94bea2df81d0ace2a579f814bcd743ae345841
SHA512

5478673949ec1b4d9d1dcb4cffa48433613b27539c5b1bf5641e8a5371300215fb0a884ba614fab198173b17f18779ff49de69a4565e2a880fc1e39f1e4a63d3
SSDEEP

786432:39OVLxap2s1SljuTMbJ1CPj7zWeVTSVXkCjEV7:taaB1SkHxVTStfM7

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1740	wfilmorav13060-zmco.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1740	wfilmorav13060-zmco.exe
Token: SeIncBasePriorityPrivilege	1740	wfilmorav13060-zmco.exe

C:\Users\Admin\AppData\Local\Temp\wfilmorav13060-zmco.exe
"C:\Users\Admin\AppData\Local\Temp\wfilmorav13060-zmco.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\bassmod.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
memory/1740-20-0x0000000004190000-0x0000000004191000-memory.dmp

Filesize
4KB

Download
memory/1740-21-0x0000000004120000-0x0000000004121000-memory.dmp

Filesize
4KB

Download
memory/1740-3-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1740-4-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1740-6-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1740-5-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1740-7-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1740-8-0x00000000052C0000-0x00000000052C1000-memory.dmp

Filesize
4KB

Download
memory/1740-9-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1740-10-0x00000000052C0000-0x00000000052C1000-memory.dmp

Filesize
4KB

Download
memory/1740-11-0x00000000052C0000-0x00000000052C1000-memory.dmp

Filesize
4KB

Download
memory/1740-12-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1740-13-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/1740-14-0x00000000040E0000-0x00000000040E1000-memory.dmp

Filesize
4KB

Download
memory/1740-15-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/1740-16-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1740-17-0x00000000040F0000-0x00000000040F1000-memory.dmp

Filesize
4KB

Download
memory/1740-18-0x0000000004140000-0x0000000004141000-memory.dmp

Filesize
4KB

Download
memory/1740-19-0x0000000004130000-0x0000000004131000-memory.dmp

Filesize
4KB

Download
memory/1740-0-0x0000000000400000-0x0000000002630000-memory.dmp

Filesize
34.2MB

Download
memory/1740-1-0x0000000000340000-0x00000000003A0000-memory.dmp

Filesize
384KB

Download
memory/1740-23-0x0000000004180000-0x0000000004181000-memory.dmp

Filesize
4KB

Download
memory/1740-22-0x0000000004160000-0x0000000004161000-memory.dmp

Filesize
4KB

Download
memory/1740-24-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/1740-25-0x00000000052C0000-0x00000000052C2000-memory.dmp

Filesize
8KB

Download
memory/1740-26-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/1740-27-0x00000000052B0000-0x00000000052B1000-memory.dmp

Filesize
4KB

Download
memory/1740-28-0x0000000000400000-0x0000000002630000-memory.dmp

Filesize
34.2MB

Download
memory/1740-29-0x0000000000340000-0x00000000003A0000-memory.dmp

Filesize
384KB

Download
memory/1740-30-0x00000000052C0000-0x00000000052C1000-memory.dmp

Filesize
4KB

Download
memory/1740-32-0x00000000052C0000-0x00000000052C1000-memory.dmp

Filesize
4KB

Download
memory/1740-33-0x00000000052C0000-0x00000000052C2000-memory.dmp

Filesize
8KB

Download
memory/1740-35-0x00000000052E0000-0x00000000052E1000-memory.dmp

Filesize
4KB

Download
memory/1740-36-0x00000000052B0000-0x00000000052B7000-memory.dmp

Filesize
28KB

Download
memory/1740-2-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1740-40-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1740-42-0x0000000000400000-0x0000000002630000-memory.dmp

Filesize
34.2MB

Download
memory/1740-43-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1740-44-0x00000000052E0000-0x00000000052E1000-memory.dmp

Filesize
4KB

Download
memory/1740-45-0x0000000000400000-0x0000000002630000-memory.dmp

Filesize
34.2MB

Download
memory/1740-46-0x0000000000340000-0x00000000003A0000-memory.dmp

Filesize
384KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads