Overview

overview

7

Static

static

3

de1d571b7e...84.exe

windows7-x64

7

de1d571b7e...84.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/03/2024, 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de1d571b7eba267e01939f28f6720384.exe

  • Size

    671KB

  • MD5

    de1d571b7eba267e01939f28f6720384

  • SHA1

    b6bc19692bb4c9c507c4717197b50ff4445c0d7d

  • SHA256

    f81ee35ec800b6e258853fb2e412dbc99a488563253e451f131d772ad7d81238

  • SHA512

    5c973feb5450430bd17515ae1161c4755b9f333557472e268086a9aed3dbc6bf91f1026a34161cfac16415278dacec3b1400a2a23836817c8301d0e72a60c051

  • SSDEEP

    12288:rM8uzjyO9A9g1lG43dAMWYuNOP1WF3Z4mxxroEtlK+kt9T2MiwkAGGy6:4VzjyWSRYuNOtWQmX8GKGv6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de1d571b7eba267e01939f28f6720384.exe
    "C:\Users\Admin\AppData\Local\Temp\de1d571b7eba267e01939f28f6720384.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1324
  • C:\Windows\rundll
    C:\Windows\rundll
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:772
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3860 --field-trial-handle=2264,i,7994609493164365963,13212734413040148104,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3484

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\GDEWMF.DAT
      Filesize

      55KB

      MD5

      6853cba3ccc11699c2d840f41c10393f

      SHA1

      80a430dcc2cb34b05d433f0f63b8ef8a6a09bbe3

      SHA256

      0bcf3f4ff7862cd885003b8ecc4d424a2fd418fd64412ffe95a9c4221cc3de59

      SHA512

      a02fef8b7c721459fa6f081a1208bf8dd84d957663b4d711b9f6f1731deedf977e5a391ec7481797da7a594c3dd133e84865133855dcdbe6da2128887270114c

      Download Submit

    • C:\Windows\PFQTED.DAT
      Filesize

      51KB

      MD5

      d58f992c53515c9f1fb9394a46f4cb48

      SHA1

      1f9909d227b93be10328e0abc64052da984657ba

      SHA256

      50c6b8848b0a9cf6a6b579928dc6e5c75cf7564c19bb7b40d86ba9d360ebb040

      SHA512

      3a87c279fbbbaff2bfe791c523716ad092c41099b8914ba369565014502d408084259d4efe6896d785c024935b181ca34cf49e3b79f3f1a89ee1c9d775635d94

      Download Submit

    • C:\Windows\rundll
      Filesize

      671KB

      MD5

      de1d571b7eba267e01939f28f6720384

      SHA1

      b6bc19692bb4c9c507c4717197b50ff4445c0d7d

      SHA256

      f81ee35ec800b6e258853fb2e412dbc99a488563253e451f131d772ad7d81238

      SHA512

      5c973feb5450430bd17515ae1161c4755b9f333557472e268086a9aed3dbc6bf91f1026a34161cfac16415278dacec3b1400a2a23836817c8301d0e72a60c051

      Download Submit

    • memory/772-39-0x00000000020C0000-0x00000000020C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/772-41-0x0000000001200000-0x0000000001201000-memory.dmp

      Filesize

      4KB

      Download

    • memory/772-50-0x0000000000400000-0x0000000000539000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/772-47-0x0000000002C40000-0x0000000002C52000-memory.dmp

      Filesize

      72KB

      Download

    • memory/772-46-0x0000000002C20000-0x0000000002C33000-memory.dmp

      Filesize

      76KB

      Download

    • memory/772-28-0x00000000020A0000-0x00000000020A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/772-43-0x0000000002120000-0x0000000002121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/772-42-0x0000000000D90000-0x0000000000DE4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/772-40-0x00000000020B0000-0x00000000020B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/772-26-0x0000000000400000-0x0000000000539000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/772-37-0x0000000002C40000-0x0000000002C52000-memory.dmp

      Filesize

      72KB

      Download

    • memory/772-38-0x00000000020D0000-0x00000000020D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/772-33-0x0000000002190000-0x0000000002191000-memory.dmp

      Filesize

      4KB

      Download

    • memory/772-32-0x0000000002C20000-0x0000000002C33000-memory.dmp

      Filesize

      76KB

      Download

    • memory/772-27-0x00000000020A0000-0x00000000020A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-20-0x0000000003560000-0x0000000003561000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-3-0x0000000002550000-0x0000000002551000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-2-0x0000000002570000-0x0000000002571000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-4-0x00000000025A0000-0x00000000025A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-21-0x0000000003550000-0x0000000003551000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-8-0x0000000002580000-0x0000000002581000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-17-0x0000000003620000-0x0000000003621000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-18-0x0000000000B40000-0x0000000000B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-19-0x0000000000B50000-0x0000000000B51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-0-0x0000000000400000-0x0000000000539000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1324-23-0x0000000002740000-0x0000000002741000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-1-0x0000000000B60000-0x0000000000BB4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/1324-22-0x0000000003540000-0x0000000003541000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-14-0x0000000003520000-0x0000000003523000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1324-11-0x0000000003530000-0x0000000003531000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-10-0x0000000002540000-0x0000000002541000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-9-0x00000000025C0000-0x00000000025C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-44-0x0000000000400000-0x0000000000539000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1324-45-0x0000000000B60000-0x0000000000BB4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/1324-7-0x0000000002590000-0x0000000002591000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-6-0x0000000002520000-0x0000000002521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1324-5-0x0000000002530000-0x0000000002531000-memory.dmp

      Filesize

      4KB

      Download