fd94ea0034320f96ca9e2c60c6a0984928acb9b46c1825eb56d00c94d90304ad

General

Target

caa94d97c67f9ece7fe741d3b21634f4.exe
Size

659KB
MD5

caa94d97c67f9ece7fe741d3b21634f4
SHA1

d3c3dc90128f0b4bbefbab0aa0cc022e55a1f37d
SHA256

fd94ea0034320f96ca9e2c60c6a0984928acb9b46c1825eb56d00c94d90304ad
SHA512

4a06982411290b3625be99c6928b8b32bcdc02d0ced840fa5c808690ffb868721ad458b37dcf16272a97dbb92fdd4435ae3784f196bd5d21327883ed3a9a21ad
SSDEEP

12288:bk83RBEncpJtxdsbgCHr97dCeHD+C86EtT4F3Z4mxxepUjGUUuittJMS:bk83RKncpJtxdsb5HrzCeHD+CiaQmXeS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2184	.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\.exe	caa94d97c67f9ece7fe741d3b21634f4.exe
File created	C:\Windows\DELME.BAT	caa94d97c67f9ece7fe741d3b21634f4.exe
File created	C:\Windows\.exe	caa94d97c67f9ece7fe741d3b21634f4.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4064	caa94d97c67f9ece7fe741d3b21634f4.exe
Token: SeDebugPrivilege	2184	.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2184	.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 4628	2184	.exe	92
PID 2184 wrote to memory of 4628	2184	.exe	92
PID 4064 wrote to memory of 440	4064	caa94d97c67f9ece7fe741d3b21634f4.exe	93
PID 4064 wrote to memory of 440	4064	caa94d97c67f9ece7fe741d3b21634f4.exe	93
PID 4064 wrote to memory of 440	4064	caa94d97c67f9ece7fe741d3b21634f4.exe	93

C:\Users\Admin\AppData\Local\Temp\caa94d97c67f9ece7fe741d3b21634f4.exe
"C:\Users\Admin\AppData\Local\Temp\caa94d97c67f9ece7fe741d3b21634f4.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4064
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\DELME.BAT
  2⤵
  PID:440

C:\Windows\.exe
C:\Windows\.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\.exe

Filesize
659KB

MD5
caa94d97c67f9ece7fe741d3b21634f4

SHA1
d3c3dc90128f0b4bbefbab0aa0cc022e55a1f37d

SHA256
fd94ea0034320f96ca9e2c60c6a0984928acb9b46c1825eb56d00c94d90304ad

SHA512
4a06982411290b3625be99c6928b8b32bcdc02d0ced840fa5c808690ffb868721ad458b37dcf16272a97dbb92fdd4435ae3784f196bd5d21327883ed3a9a21ad

Download Submit
C:\Windows\DELME.BAT

Filesize
190B

MD5
cc3fe3174fd43e7a0bae0acfba94c1ae

SHA1
1f4b8afbcb6ecccabdf2671b9065cf39059802ec

SHA256
bcb4b16f7e8eb584acb1ef842e91378c5e70c6e06a7f90efd95436df8b92577f

SHA512
2bb8e840693a7d805ad7bbcea2fced952a7f534a6d8e61f7142f08243dee1b796ec7365590c739a31c068b059bb0305d3b7ecf9503f1c0d3ff297037bd42a267

Download Submit
memory/2184-31-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/2184-39-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/2184-41-0x0000000000E70000-0x0000000000EC4000-memory.dmp

Filesize
336KB

Download
memory/2184-33-0x00000000011E0000-0x00000000011E1000-memory.dmp

Filesize
4KB

Download
memory/2184-43-0x00000000011E0000-0x00000000011E1000-memory.dmp

Filesize
4KB

Download
memory/2184-29-0x00000000020B0000-0x00000000020B1000-memory.dmp

Filesize
4KB

Download
memory/2184-30-0x00000000020A0000-0x00000000020A1000-memory.dmp

Filesize
4KB

Download
memory/2184-28-0x0000000002170000-0x0000000002171000-memory.dmp

Filesize
4KB

Download
memory/2184-26-0x0000000002080000-0x0000000002081000-memory.dmp

Filesize
4KB

Download
memory/2184-27-0x0000000002080000-0x0000000002081000-memory.dmp

Filesize
4KB

Download
memory/2184-25-0x0000000000E70000-0x0000000000EC4000-memory.dmp

Filesize
336KB

Download
memory/2184-24-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/4064-10-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4064-0-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/4064-18-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/4064-19-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/4064-20-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/4064-21-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/4064-16-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/4064-13-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/4064-12-0x0000000003500000-0x0000000003503000-memory.dmp

Filesize
12KB

Download
memory/4064-11-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4064-9-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/4064-17-0x00000000007F0000-0x00000000007F1000-memory.dmp

Filesize
4KB

Download
memory/4064-8-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/4064-7-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/4064-6-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/4064-32-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/4064-3-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/4064-37-0x0000000002350000-0x00000000023A4000-memory.dmp

Filesize
336KB

Download
memory/4064-2-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/4064-5-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4064-4-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/4064-1-0x0000000002350000-0x00000000023A4000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing