67f15f6a470cb2bdf2de76610a77ce310b63167d127d4ae6e76bb7e6ae16bdaf

Resubmissions

15/03/2024, 15:22

240315-srx2sadh23 9

15/03/2024, 04:03

240315-emwq9sfh4v 9

Analysis

max time kernel
449s
max time network
451s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 04:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

BLTools v2.7.2 Pro.exe
Size

3.4MB
MD5

b6accab723ca675c18544f2640cabce8
SHA1

066ee4ec9fe7eb3520543797878ba6b77148010f
SHA256

1ddbbe124a321ba8c769295cf91ed5a2ddfd4669da9f1bb95907a30120b1c2a1
SHA512

ec4797aad8f6250be0ac1903231c2f8eb1ec03b1650ba69b81df5fc9d80842ff8fbfebe8d25539f9c14fa2a898fff04965fe5748f01be90b4aadf869e7a5e0c2
SSDEEP

49152:VMByOj9Ss24R0wFhlMv6DSdsHXgzSq0Xll2JEW38Y2WUC:Vyj9Sl4R0wFrNDSGH8Kll2KWtjUC

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
5080	BLTools v2.7.2 Pro.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5080	BLTools v2.7.2 Pro.exe
Token: SeManageVolumePrivilege	1784	svchost.exe

C:\Users\Admin\AppData\Local\Temp\BLTools v2.7.2 Pro.exe
"C:\Users\Admin\AppData\Local\Temp\BLTools v2.7.2 Pro.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5080

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:644

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1784-47-0x0000029952F40000-0x0000029952F50000-memory.dmp

Filesize
64KB

Download
memory/1784-67-0x000002995B3F0000-0x000002995B3F1000-memory.dmp

Filesize
4KB

Download
memory/1784-66-0x000002995B2C0000-0x000002995B2C1000-memory.dmp

Filesize
4KB

Download
memory/1784-65-0x000002995B2C0000-0x000002995B2C1000-memory.dmp

Filesize
4KB

Download
memory/1784-63-0x000002995B290000-0x000002995B291000-memory.dmp

Filesize
4KB

Download
memory/5080-16-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-22-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download
memory/5080-7-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-8-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-9-0x0000000009FC0000-0x0000000009FF8000-memory.dmp

Filesize
224KB

Download
memory/5080-10-0x0000000009F90000-0x0000000009F9E000-memory.dmp

Filesize
56KB

Download
memory/5080-11-0x000000000F0A0000-0x000000000F644000-memory.dmp

Filesize
5.6MB

Download
memory/5080-12-0x000000000C590000-0x000000000C5A2000-memory.dmp

Filesize
72KB

Download
memory/5080-13-0x0000000006720000-0x0000000006728000-memory.dmp

Filesize
32KB

Download
memory/5080-14-0x000000000BDB0000-0x000000000BDD4000-memory.dmp

Filesize
144KB

Download
memory/5080-15-0x000000000BDE0000-0x000000000BE72000-memory.dmp

Filesize
584KB

Download
memory/5080-0-0x00000000004B0000-0x0000000000820000-memory.dmp

Filesize
3.4MB

Download
memory/5080-19-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-20-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-21-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-6-0x0000000005950000-0x0000000005A0A000-memory.dmp

Filesize
744KB

Download
memory/5080-23-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-24-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-25-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-26-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-27-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-28-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-29-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-30-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-5-0x0000000005630000-0x0000000005690000-memory.dmp

Filesize
384KB

Download
memory/5080-4-0x0000000005580000-0x00000000055D0000-memory.dmp

Filesize
320KB

Download
memory/5080-3-0x0000000005AB0000-0x00000000063DC000-memory.dmp

Filesize
9.2MB

Download
memory/5080-2-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/5080-1-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download