1cdf0dcd13a46906d73588a4f2ef20637d25706ce90b53a7b6f1701c28cb3596

Submit
Reports

Overview

overview

Static

static

081899c525...89.dll

windows7-x64

082060e332...76.exe

windows7-x64

09d22d6340...64.exe

windows7-x64

1f4e927f6e...a4.exe

windows7-x64

20efc37efc...db.dll

windows7-x64

23b5ce252f...5b.exe

windows7-x64

35fdad147c...8f.exe

windows7-x64

36bfd9f40c...07.exe

windows7-x64

56ec95785f...a4.exe

windows7-x64

675e7e38d9...a8.exe

windows7-x64

6b4df38111...7a.exe

windows7-x64

6b4f6a820d...96.exe

windows7-x64

721ccbb780...29.exe

windows7-x64

75a9ade196...1d.exe

windows7-x64

79271d57c5...61.exe

windows7-x64

*.*/update.exe

windows7-x64

*.*/˫�...��.bat

windows7-x64

847001fe67...7e.exe

windows7-x64

97d846563e...3b.exe

windows7-x64

9a5a08d7a4...4a.exe

windows7-x64

9da42140ca...70.exe

windows7-x64

ac7da11c38...e2.exe

windows7-x64

b3489810af...5f.exe

windows7-x64

bf11915a5a...55.dll

windows7-x64

c453aa991f...3e.dll

windows7-x64

c97d9bbc80...15.exe

windows7-x64

cfe55dc501...48.exe

windows7-x64

d2a120aa4a...78.exe

windows7-x64

db97db6b03...1b.dll

windows7-x64

dc276b7ca4...cf.exe

windows7-x64

e714a8c576...a4.exe

windows7-x64

f0c2927859...a6.exe

windows7-x64

Resubmissions

26-03-2024 14:35

240326-ryecksfd5y 10

26-03-2024 14:27

240326-rse2xsfb8y 10

Analysis

max time kernel
1559s
max time network
1563s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 14:27

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx pyinstaller

5 signatures

Behavioral task

behavioral1

Sample

081899c5257cdf6b27b238f9114b9151a755a2044cb463eb2214fa9101c4cd89.dll

Resource

win7-20240319-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral2

Sample

082060e3320870d1d576083e0ee65c06a1104913ae866137f8ca45891c059a76.exe

Resource

win7-20240215-en

ransomware

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral3

Sample

09d22d634084239df510d088dd1685886fdba2810df4067771142fb2204cef64.exe

Resource

win7-20231129-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral4

Sample

1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe

Resource

win7-20240221-en

spyware stealer

windows7-x64

7 signatures

1800 seconds

Behavioral task

behavioral5

Sample

20efc37efcb36bc4a7cdf75ff667d3193959bf1858a4c115fd4301ca11ce8ddb.dll

Resource

win7-20240319-en

persistence

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral6

Sample

23b5ce252f1cb3ff40a3bcb3ea53dd674175c3ad782b00e33ae45c8c87fa265b.exe

Resource

win7-20231129-en

dharma persistence ransomware spyware stealer

windows7-x64

22 signatures

1800 seconds

Behavioral task

behavioral7

Sample

35fdad147c2ab2c36dd7fd1ad1ae26b80be6c501bb22120b741be3ab34be168f.exe

Resource

win7-20240220-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral8

Sample

36bfd9f40ce0043c878b28ca80dda5315cf681215baf4e1d539456d89b907807.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral9

Sample

56ec95785f91418751ad5788f9076af108ae19e03d2e0c0551ae8f8d8f5acba4.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral10

Sample

675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

Resource

win7-20240221-en

persistence ransomware spyware stealer

windows7-x64

11 signatures

1800 seconds

Behavioral task

behavioral11

Sample

6b4df381119ee2beac0fb75184addb6cdd045ddd5e0fa09365a51331a484cd7a.exe

Resource

win7-20240221-en

upx

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral12

Sample

6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe

Resource

win7-20240319-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral13

Sample

721ccbb780b308c6c40817749b6764ad06cd2e56389bba1618a0dadc362d6429.exe

Resource

win7-20240221-en

windows7-x64

4 signatures

1800 seconds

Behavioral task

behavioral14

Sample

75a9ade19696be512a894b659c4bebd174a868f404da5479f4fd96494e04c71d.exe

Resource

win7-20240221-en

dharma persistence ransomware spyware stealer

windows7-x64

17 signatures

1800 seconds

Behavioral task

behavioral15

Sample

79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe

Resource

win7-20231129-en

bootkit persistence

windows7-x64

13 signatures

1800 seconds

Behavioral task

behavioral16

Sample

*.*/update.exe

Resource

win7-20240221-en

bootkit persistence

windows7-x64

9 signatures

1800 seconds

Behavioral task

behavioral17

Sample

*.*/˫ǩ.bat

Resource

win7-20240221-en

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral18

Sample

847001fe67b260c91fdc360297f6758598c41eb78fc4aae6adc4a4e2dd813b7e.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral19

Sample

97d846563e9c5da173d27fd11a6f182709c665dba0cb3f85a882c7b3e9cd9a3b.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral20

Sample

9a5a08d7a4579e11f59594fe053c8157c20ab74a7775a11a1aa6154a3eb6744a.exe

Resource

win7-20240221-en

discovery evasion ransomware upx

windows7-x64

14 signatures

1800 seconds

Behavioral task

behavioral21

Sample

9da42140cab695b77cde560dd1109d2b96d263e25c21bba0e70604f0717bf270.exe

Resource

win7-20240221-en

persistence

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral22

Sample

ac7da11c38cce3b21137e629d76614f6350cbc96db41bede9029c83d9dfa98e2.exe

Resource

win7-20240221-en

dharma persistence ransomware spyware stealer

windows7-x64

16 signatures

1800 seconds

Behavioral task

behavioral23

Sample

b3489810af4e4d0d953eb438e3550ace5d52a5c8818a6cae7af6d30ba5482e5f.exe

Resource

win7-20240221-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral24

Sample

bf11915a5a5f8e1de827676250505e7f503c0744da757f8290f077d3d5d81655.dll

Resource

win7-20240221-en

persistence

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral25

Sample

c453aa991f1fb96ec3aebf334f8d9f5a5256dcdf90e697a007575771705be23e.dll

Resource

win7-20240221-en

persistence

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral26

Sample

c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe

Resource

win7-20240221-en

lockergoga banker ransomware spyware stealer trojan

windows7-x64

10 signatures

1800 seconds

Behavioral task

behavioral27

Sample

cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348.exe

Resource

win7-20231129-en

persistence

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral28

Sample

d2a120aa4a8aeb87408828d4e7e0da615cb83e32ca5fccc79eee70bca3ea4d78.exe

Resource

win7-20240221-en

dharma persistence ransomware spyware stealer

windows7-x64

21 signatures

1800 seconds

Behavioral task

behavioral29

Sample

db97db6b0367434c2170eb34f828ec6b99032a4722ea55dc14a72883d8af1c1b.dll

Resource

win7-20240221-en

persistence

windows7-x64

5 signatures

1800 seconds

Behavioral task

behavioral30

Sample

dc276b7ca4a980cf487b73b4ef9c40fb93f1b00b5c757a726057ab21a0372ecf.exe

Resource

win7-20240215-en

buran evasion persistence ransomware

windows7-x64

21 signatures

1800 seconds

Behavioral task

behavioral31

Sample

e714a8c576d7e04c2a8c6f4f8aa6627543524e61f4e3fc402a24d6981bad03a4.exe

Resource

win7-20231129-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral32

Sample

f0c292785905838d08b27bb99ab260b43fd8de580de80017fdaaab3c3d53d8a6.exe

Resource

win7-20231129-en

spyware stealer upx

windows7-x64

7 signatures

1800 seconds

Report Analysis Logs

General

Target

6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe
Size

27KB
MD5

4b95790314f5e5e7ab6027f3afed48ae
SHA1

1bbbc30e0fdc7190d8948716ca8d373788c90ce4
SHA256

6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296
SHA512

380a9bfd525ad558964f444220cf5ac4a9d3add159abd5c0451ca2b1d8bf57d2acf6d0eb8a1ec4b1451b28db10574b2fb66bda0e2f8ed066d4d5aac0dd9c8a2c
SSDEEP

768:ZtVdJkn3Iwk9qg47OxpySkH/U3ITmcemeZFFtbwN4ykQo:ZtBk3I7LhB3PcedFtMOykQo

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe

description pid process

Token: SeDebugPrivilege 1640 6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe

description	pid	process
Token: SeDebugPrivilege	1640	6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe
"C:\Users\Admin\AppData\Local\Temp\6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1640-0-0x0000000001030000-0x000000000103C000-memory.dmp

Filesize
48KB

Download
memory/1640-1-0x0000000074440000-0x0000000074B2E000-memory.dmp

Filesize
6.9MB

Download
memory/1640-2-0x00000000048B0000-0x00000000048F0000-memory.dmp

Filesize
256KB

Download
memory/1640-3-0x0000000074440000-0x0000000074B2E000-memory.dmp

Filesize
6.9MB

Download