Analysis

  • max time kernel
    86s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/03/2024, 05:29

General

  • Target

    36fd6f4a1f474484a59818f2ed38a11b12ef39e71706b66cd52589032c30b6dc.exe

  • Size

    2.1MB

  • MD5

    1c439f50e34eec73eba39a0c5e7226c6

  • SHA1

    b6d71dfddc86164b1edfc7c117f7f6a176de8a71

  • SHA256

    36fd6f4a1f474484a59818f2ed38a11b12ef39e71706b66cd52589032c30b6dc

  • SHA512

    766aba099036b7a99fd59d086039049b3cb07f2d97d557157fd6ec382b031f7a506da4a01abd274b83798a1bd2d2352c4b7fc80e3ce9c5d5ef12fa5aac0966ba

  • SSDEEP

    49152:AbJT0Q4hBOSS67mY+9UsteTPkxxaCV8JBV1Ls2wBmJBV1Ls2wBb:AbAh0Shn3uvltTb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 43 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36fd6f4a1f474484a59818f2ed38a11b12ef39e71706b66cd52589032c30b6dc.exe
    "C:\Users\Admin\AppData\Local\Temp\36fd6f4a1f474484a59818f2ed38a11b12ef39e71706b66cd52589032c30b6dc.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Users\Admin\Cheathappens\Work\Runtime\~CheathappensTrainer1890.tmp
      "C:\Users\Admin\Cheathappens\Work\Runtime\~CheathappensTrainer1890.tmp" "16744820695884" "C:\Users\Admin\AppData\Local\Temp\36fd6f4a1f474484a59818f2ed38a11b12ef39e71706b66cd52589032c30b6dc.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1028
      • C:\Windows\System32\Wbem\wmic.exe
        "wmic" /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1540

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\Cheathappens\Work\Runtime\~CheathappensTrainer1890.tmp

    Filesize
    1.3MB

    MD5
    a6a0b432bcbc946bd4a4fcd869a5804a

    SHA1
    d9ba72d374b3bb2296b58f7b6eed4777fde83a00

    SHA256
    a96de002212bddcab848071c641d073a34b30c52180004a4e59b52c008f6989a

    SHA512
    461e4d234a6e7e4edacceffd1fcae4c4d90944a24e401dbca7972a9779bedb12c4cdd5cd7e23d748236f3680770fb241bd5b3ab6183f2def8c3f9203689d979d

  • C:\Users\Admin\Cheathappens\Work\inetcheck.dat

    Filesize
    26B

    MD5
    4421cb24a881ffe931f432bff97230a7

    SHA1
    1a00e202fa543a860f31af1091b970fd124c20cc

    SHA256
    dbd37e0e5fed7aa721a4fa67c9d052cd56c72704ae5c8924a762d2d5a53ba5e3

    SHA512
    6352b81b2bcbacf511026dda5c157f1518663745a978188e769f3ea125cd77c3c3d497543f709eea916e586367b7fa00b2ae5b38d9581dc30d552e5c654f1886