Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240226-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    04/04/2024, 13:20

General

  • Target

    Spoofer.exe

  • Size

    2.1MB

  • MD5

    382d1136a20e58b8bbcc7fffe5ce8d2b

  • SHA1

    9779688fee4642fd0dde3d58f7d86dbeb8a4909e

  • SHA256

    27fa9de0fad33e7dbed3a1d5d1c50fe843574062a87b34fb3617be1c77ba1391

  • SHA512

    eaf873631e4f9f43eb2912d5b86c5d317e7042233e68dfb9b9efcd85d95b80f3e996b84ae312bbdb33f5e7d18218a5531225ca72ded7388fbb8fbc4a636a1990

  • SSDEEP

    49152:QMdhRi0P2enkqXfd+/9ATrgBWBKH8jkDVFCNXODzWS9HfX0H:LdvtnkqXf0F9+KH4kpc+DX/0H

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Spoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\Spoofer.exe"
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2332
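
The process block above attributes a Run-key autostart to Spoofer.exe running from the user's %TEMP% directory. The script below is an added example, not part of the sandbox report or of the sample, showing how an analyst would check an affected host for that kind of persistence: it enumerates the HKCU and HKLM Run/RunOnce keys, recovers the image path from each command line, and flags entries whose image resides under a user-writable location. The list of path fragments treated as suspicious is an assumption of this example; the report does not state which key or value the sample wrote.

```powershell
# Added example (not part of the sandbox report): enumerate Run/RunOnce autostarts
# and flag entries whose image lives in a user-writable location, the kind of
# persistence the "Adds Run key to start application" signature refers to.
function Get-RunKeyAutostart {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Assumption of this example: installer-deployed autostarts rarely point into
    # these roots, so an entry there deserves a closer look (Spoofer.exe ran from
    # \AppData\Local\Temp\ in the report above).
    $suspiciousRoots = @(
        '\AppData\Local\Temp\',
        '\AppData\Local\',
        '\AppData\Roaming\',
        '\Users\Public\',
        '\ProgramData\'
    )

    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata the registry provider adds.
            if ($prop.Name -like 'PS*') { continue }

            $command = [string]$prop.Value
            # Recover the image path: a quoted path, or the first whitespace-delimited token.
            $image = if ($command -match '^\s*"([^"]+)"') { $Matches[1] } else { ($command -split '\s+')[0] }
            $image = [Environment]::ExpandEnvironmentVariables($image)

            $hit = $suspiciousRoots | Where-Object { $image -like "*$_*" } | Select-Object -First 1

            [pscustomobject]@{
                Key        = $key
                Name       = $prop.Name
                Command    = $command
                Image      = $image
                OnDisk     = ($image -ne '' -and (Test-Path -LiteralPath $image))
                Suspicious = [bool]$hit
                Reason     = if ($hit) { "image under $hit" } else { '' }
            }
        }
    }
}

# Flagged entries first; pipe the unformatted output to Export-Csv to preserve it as evidence.
Get-RunKeyAutostart | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize
```

An entry that is flagged but whose image is no longer on disk (OnDisk is False) is still worth recording: the orphaned value shows persistence was attempted even if the binary has since been removed. Run the script from an elevated session so the HKLM keys are readable, and compare the flagged image's SHA256 against the value in the General section above before treating it as the same sample.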

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\Local\RebrandPanel\Spoofer.exe_Url_rzimjvkqzs3p25w0ufvllpw5uauqzjcy\1.0.0.0\user.config

          Filesize

          815B

          MD5

          536a33ecf0fb78cfb1fcd47a4383f3be

          SHA1

          fbeb0fd002dfb9275a7ca907469b5ba7ef49912a

          SHA256

          39de6fc661b8668d4a390e1b6cf7738aa1d92de643979faedda77f42233bd718

          SHA512

          e755ee08a771748418054e6a879eedfa47998dba3a5fea86a20f44eb2d31ad43dc4649039d9fe5248c7b66f5f85e97fa7d0defd3de9691bdca9b4faecbda3f13

        • C:\Users\Admin\AppData\Local\RebrandPanel\Spoofer.exe_Url_rzimjvkqzs3p25w0ufvllpw5uauqzjcy\1.0.0.0\user.config

          Filesize

          816B

          MD5

          05c3e4429f24328a7f1d975027291a6f

          SHA1

          e056876d6d73f20cd2c84bc34ed83f921a7da10a

          SHA256

          f2075f63ad8eca2f767e295064d157d32c627267ad6cac1eb73992f9c6f09c88

          SHA512

          e062658cff25d7a01b203f5ed60cf34fdd6f9fb7ab4189c046f0c6288e6951d0c680de77596e8bd86debf0738385a6f3438913bee861cd0e68f8c62b22ee497d

        • memory/2332-0-0x000001CBEA580000-0x000001CBEA7A6000-memory.dmp

          Filesize

          2.1MB

        • memory/2332-3-0x000001CBECE90000-0x000001CBECEA0000-memory.dmp

          Filesize

          64KB

        • memory/2332-1-0x00007FFF169A0000-0x00007FFF17461000-memory.dmp

          Filesize

          10.8MB

        • memory/2332-2-0x000001CBECEA0000-0x000001CBED2A6000-memory.dmp

          Filesize

          4.0MB

        • memory/2332-4-0x000001CBECE90000-0x000001CBECEA0000-memory.dmp

          Filesize

          64KB

        • memory/2332-5-0x000001CBECE90000-0x000001CBECEA0000-memory.dmp

          Filesize

          64KB

        • memory/2332-6-0x000001CBECE90000-0x000001CBECEA0000-memory.dmp

          Filesize

          64KB

        • memory/2332-20-0x000001CBECE90000-0x000001CBECEA0000-memory.dmp

          Filesize

          64KB

        • memory/2332-23-0x00007FFF169A0000-0x00007FFF17461000-memory.dmp

          Filesize

          10.8MB

        • memory/2332-25-0x00007FFF169A0000-0x00007FFF17461000-memory.dmp

          Filesize

          10.8MB