830bf8ebb7a9f6b44f657836c6dad8d1cebab16350f402dbf599d4f38e019ed0

Analysis

max time kernel
136s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d757c8f286baaf93380e560c986b6222.exe
Size

614KB
MD5

d757c8f286baaf93380e560c986b6222
SHA1

8c6bf2a37004c382c18e6b23ab0b8e5be1569e5d
SHA256

830bf8ebb7a9f6b44f657836c6dad8d1cebab16350f402dbf599d4f38e019ed0
SHA512

1f69ecc47e5dad5788db34e2def9a4991345a4fac2ef322cd80451ead1f65e6d5af00785f56663055796c3bb7b935f5d74895b31a3075adc1cffb1cb9f666700
SSDEEP

12288:P5v8WAA12+eawYcPxrg+v8EUVhF3Z4mxxlSWUcOeTHfkzz+:Px0tzY8xD1AQmXzUcrTHcf+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2340	Hacker.com.cn.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Hacker.com.cn.exe	d757c8f286baaf93380e560c986b6222.exe
File opened for modification	C:\Windows\Hacker.com.cn.exe	d757c8f286baaf93380e560c986b6222.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	Hacker.com.cn.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	Hacker.com.cn.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	Hacker.com.cn.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	Hacker.com.cn.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	Hacker.com.cn.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3896	d757c8f286baaf93380e560c986b6222.exe
Token: SeDebugPrivilege	2340	Hacker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2340	Hacker.com.cn.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 1520	2340	Hacker.com.cn.exe	93
PID 2340 wrote to memory of 1520	2340	Hacker.com.cn.exe	93

C:\Users\Admin\AppData\Local\Temp\d757c8f286baaf93380e560c986b6222.exe
"C:\Users\Admin\AppData\Local\Temp\d757c8f286baaf93380e560c986b6222.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3896

C:\Windows\Hacker.com.cn.exe
C:\Windows\Hacker.com.cn.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Hacker.com.cn.exe

Filesize
614KB

MD5
d757c8f286baaf93380e560c986b6222

SHA1
8c6bf2a37004c382c18e6b23ab0b8e5be1569e5d

SHA256
830bf8ebb7a9f6b44f657836c6dad8d1cebab16350f402dbf599d4f38e019ed0

SHA512
1f69ecc47e5dad5788db34e2def9a4991345a4fac2ef322cd80451ead1f65e6d5af00785f56663055796c3bb7b935f5d74895b31a3075adc1cffb1cb9f666700

Download Submit
C:\Windows\Hacker.com.cn.exe

Filesize
305KB

MD5
1e3d8d3d5fc599f132503d4103e26712

SHA1
73389541a3f4a619d32352f11a954f9f62676e51

SHA256
b5559e803fab65f8b4fdb34befcad789f55df88ea5e37c33a41c64279cc5f182

SHA512
b6b3f3584dca3985cfe61bfb66005298a62785ec7a681170354202f19697a94e427932b5c0090e4647fc50c89fd4c363d6f8a583b0a2ceb2866ae09f5e4cbf71

Download Submit
memory/2340-28-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-44-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-21-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2340-23-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-24-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-25-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-26-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-59-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-60-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-61-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-62-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-63-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-64-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-66-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-67-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-22-0x0000000000760000-0x00000000007B4000-memory.dmp

Filesize
336KB

Download
memory/2340-31-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-37-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-45-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-46-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-48-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-50-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-54-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-53-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-55-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-57-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-58-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-56-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-52-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-51-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-49-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-47-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-65-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-43-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-42-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-41-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-40-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-39-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-38-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-36-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-35-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-34-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-33-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-32-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-30-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-29-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2340-27-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/3896-10-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/3896-12-0x00000000033D0000-0x000000000347F000-memory.dmp

Filesize
700KB

Download
memory/3896-9-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/3896-4-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/3896-6-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/3896-5-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/3896-7-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/3896-0-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/3896-11-0x00000000033D0000-0x000000000347F000-memory.dmp

Filesize
700KB

Download
memory/3896-8-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/3896-3-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/3896-13-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/3896-18-0x00000000033E0000-0x00000000033E1000-memory.dmp

Filesize
4KB

Download
memory/3896-14-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/3896-15-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/3896-2-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/3896-1-0x0000000000720000-0x0000000000774000-memory.dmp

Filesize
336KB

Download
memory/3896-83-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download