9e8f55bc8fb46962926b2bbe49790b0952aeff6da0c3a596acd73a21f084b292

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 01:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9e8f55bc8fb46962926b2bbe49790b0952aeff6da0c3a596acd73a21f084b292.exe
Size

169.8MB
MD5

ee67688df05593955774ae73667167a8
SHA1

f61afb91182cb80c686fa127ba63409dd99b439b
SHA256

9e8f55bc8fb46962926b2bbe49790b0952aeff6da0c3a596acd73a21f084b292
SHA512

6d1183cc00aeeab439b7dce1b81b856e34b509f1374c57fbcb4418ea95844033bdaf6f408058a6d2ab8ab847a4fba5e20c401185f1335afcb6de953b7c091db7
SSDEEP

786432:wte7lUfVeCYV5fZfNytMnXy/W4RIewPzd1BNyVoOcWDFwLFzCXOTM5fRiB8A9aMy:wg7liCFytUXggp1WVoyuRCT5p6JbcvJ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2288	9e8f55bc8fb46962926b2bbe49790b0952aeff6da0c3a596acd73a21f084b292.exe
2288	9e8f55bc8fb46962926b2bbe49790b0952aeff6da0c3a596acd73a21f084b292.exe
2288	9e8f55bc8fb46962926b2bbe49790b0952aeff6da0c3a596acd73a21f084b292.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2288	9e8f55bc8fb46962926b2bbe49790b0952aeff6da0c3a596acd73a21f084b292.exe

C:\Users\Admin\AppData\Local\Temp\9e8f55bc8fb46962926b2bbe49790b0952aeff6da0c3a596acd73a21f084b292.exe
"C:\Users\Admin\AppData\Local\Temp\9e8f55bc8fb46962926b2bbe49790b0952aeff6da0c3a596acd73a21f084b292.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\.net\9e8f55bc8fb46962926b2bbe49790b0952aeff6da0c3a596acd73a21f084b292\0pzeE4yYPIctJEvtS2dGCihf1r1cE24=\D3DCompiler_47_cor3.dll

Filesize
3.7MB

MD5
89593b264758b0742add4af2e8cfd63c

SHA1
1bf06d3dd89e9ff5ebfd9c05d1074219efb83748

SHA256
c880bbe35bf94b763c31bfe688102f0f3c90860208aecae14a9dbdb1a2ede654

SHA512
c6422bcd3350293499190cfac191f1b8b3154afef7ac69ec331a74a1f417d30052fc72ce6aae753000e2be29f84dc4503ce0962dbcf918cfda8d4e5d79d166ea

Download Submit
\Users\Admin\AppData\Local\Temp\.net\9e8f55bc8fb46962926b2bbe49790b0952aeff6da0c3a596acd73a21f084b292\0pzeE4yYPIctJEvtS2dGCihf1r1cE24=\PresentationNative_cor3.dll

Filesize
1.2MB

MD5
8ec1be06c7e18ed1a28d79aa5999434f

SHA1
d679bc3271655937a640cdf189ad9dcde229d34c

SHA256
f8f7b44f05a9ec52f7b4eec1ab31983bec5f9a32b3ea6a06d50c450c29a4f99f

SHA512
2ee7dde3116d25c6110cf3180204d9d59c63b1937ce1cd2f7bb7e8b7b4666c28919a1f7f8fbe084f1da60e5215db95b54e109015bf0c5fd1779c00b56b62a5f0

Download Submit
\Users\Admin\AppData\Local\Temp\.net\9e8f55bc8fb46962926b2bbe49790b0952aeff6da0c3a596acd73a21f084b292\0pzeE4yYPIctJEvtS2dGCihf1r1cE24=\wpfgfx_cor3.dll

Filesize
1.9MB

MD5
92bc028e71a47517b4d2f6bbf6c16398

SHA1
4f900585292493cca76019bc3e9b65349d3f66d7

SHA256
cc705e2a05d89be5ed088bb6167f95e66742dd59db7dcfee79e66de26355e732

SHA512
3fba8f8af166bb01d953bf5676e18bdd3669f744d38f4d647d6987299890f8b3a2ae5d23d00970bc570f1af7eb843dc989f9b32f2f7d2bb5fee6d0170745e2b2

Download Submit
memory/2288-32-0x0000000007EE0000-0x0000000008720000-memory.dmp

Filesize
8.2MB

Download
memory/2288-16-0x0000000007470000-0x00000000076A0000-memory.dmp

Filesize
2.2MB

Download
memory/2288-28-0x0000000002120000-0x0000000002160000-memory.dmp

Filesize
256KB

Download
memory/2288-7-0x00000000035F0000-0x0000000004110000-memory.dmp

Filesize
11.1MB

Download
memory/2288-24-0x0000000001E40000-0x0000000001E90000-memory.dmp

Filesize
320KB

Download
memory/2288-36-0x00000000027F0000-0x0000000002870000-memory.dmp

Filesize
512KB

Download
memory/2288-40-0x00000000006A0000-0x00000000006B0000-memory.dmp

Filesize
64KB

Download
memory/2288-48-0x0000000002420000-0x0000000002440000-memory.dmp

Filesize
128KB

Download
memory/2288-52-0x0000000002450000-0x0000000002470000-memory.dmp

Filesize
128KB

Download
memory/2288-68-0x0000000004530000-0x0000000004560000-memory.dmp

Filesize
192KB

Download
memory/2288-64-0x00000000044E0000-0x0000000004500000-memory.dmp

Filesize
128KB

Download
memory/2288-20-0x0000000004380000-0x00000000044E0000-memory.dmp

Filesize
1.4MB

Download
memory/2288-60-0x0000000004190000-0x00000000041D0000-memory.dmp

Filesize
256KB

Download
memory/2288-56-0x0000000002870000-0x0000000002890000-memory.dmp

Filesize
128KB

Download
memory/2288-44-0x0000000001F90000-0x0000000001FA0000-memory.dmp

Filesize
64KB

Download
memory/2288-11-0x00000000062B0000-0x0000000007230000-memory.dmp

Filesize
15.5MB

Download
memory/2288-12-0x000000013F4D0000-0x000000013FE5F000-memory.dmp

Filesize
9.6MB

Download
memory/2288-156-0x000000000B420000-0x000000000B42A000-memory.dmp

Filesize
40KB

Download
memory/2288-157-0x000000000B420000-0x000000000B42A000-memory.dmp

Filesize
40KB

Download
memory/2288-182-0x000000013F4D0000-0x000000013FE5F000-memory.dmp

Filesize
9.6MB

Download
memory/2288-183-0x000000000B420000-0x000000000B42A000-memory.dmp

Filesize
40KB

Download