Overview
overview
7Static
static
5599151.301...39.lnk
windows7-x64
5599151.301...39.lnk
windows10-2004-x64
7TUP3298063...ed.dll
windows7-x64
3TUP3298063...ed.dll
windows10-2004-x64
TUP3298063...on.dll
windows7-x64
1TUP3298063...on.dll
windows10-2004-x64
1TUP3298063...on.exe
windows7-x64
3TUP3298063...on.exe
windows10-2004-x64
3TUP3298063...n1.exe
windows7-x64
TUP3298063...n1.exe
windows10-2004-x64
TUP3298063...1_.ps1
windows7-x64
1TUP3298063...1_.ps1
windows10-2004-x64
1TUP3298063...32.dll
windows7-x64
1TUP3298063...32.dll
windows10-2004-x64
1TUP3298063...33.dll
windows7-x64
1TUP3298063...33.dll
windows10-2004-x64
1Analysis
-
max time kernel
117s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
02-04-2024 14:22
Static task
static1
Behavioral task
behavioral1
Sample
599151.301.25077.7868139.lnk
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
599151.301.25077.7868139.lnk
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
TUP32980638916Y/ctfmon-dll-decoded.dll
Resource
win7-20240319-en
Behavioral task
behavioral4
Sample
TUP32980638916Y/ctfmon-dll-decoded.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
TUP32980638916Y/ctfmon.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
TUP32980638916Y/ctfmon.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
TUP32980638916Y/ctfmon.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
TUP32980638916Y/ctfmon.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
TUP32980638916Y/ctfmon1.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
TUP32980638916Y/ctfmon1.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
TUP32980638916Y/ctfmon1_.ps1
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
TUP32980638916Y/ctfmon1_.ps1
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
TUP32980638916Y/log32.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
TUP32980638916Y/log32.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
TUP32980638916Y/log33.dll
Resource
win7-20240215-en
Behavioral task
behavioral16
Sample
TUP32980638916Y/log33.dll
Resource
win10v2004-20240226-en
General
-
Target
TUP32980638916Y/ctfmon1_.ps1
-
Size
32KB
-
MD5
252e0eb89a2db92371e656bd27f6159d
-
SHA1
c079f873fe7cbfe4f997f826f18ab9714e746ddc
-
SHA256
0f977614e29c69399e36c2adab87e671c132b371f61bad3a876a2c5165872e88
-
SHA512
b6a9b70991d1a832b47dd7446a7704161ec8d498c02ff1c53eeceb6d50ec9831132b8e4f262cad8defbac32cefed056300f975e8b4f9e6b31389e75066db75c5
-
SSDEEP
768:w6P2LLXfXcS4C838XhiTpRoD9q96/gbeUVF7wsgc:wFLLXj4f8MTDokwsLhN
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
powershell.exepid process 1524 powershell.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
powershell.exedescription pid process Token: SeDebugPrivilege 1524 powershell.exe