e54c1433883e544025ce6a0ab86c8954b02496144ec92e6ea0f17c17a9ee19c5

Analysis

max time kernel
144s
max time network
156s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08/04/2024, 10:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ab9cd59d789e6c7841b9d28689743e700d492b5fae1606f184889cc7e6acadcc.exe
Size

40KB
MD5

b69f65b999db695b27910689b7ed5cf0
SHA1

8ce5b38a454c8aa3a93830f092c089d197ddd129
SHA256

ab9cd59d789e6c7841b9d28689743e700d492b5fae1606f184889cc7e6acadcc
SHA512

02620afcb60941e87d3d7aa1f01f61efd5aa34c8b42e8d7081a2e413581c85d4791cb24902c3c63e1b4c7e533135206174624488f8624170d369969861d2ad81
SSDEEP

768:XsU34/7G7eNRjM2XyiWIqiBGMG9a0hxTR7jX8MdZ+:X73UG7ezj7XyFYG5amfjMUA

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (4313) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2488	ab9cd59d789e6c7841b9d28689743e700d492b5fae1606f184889cc7e6acadcc.exe

C:\Users\Admin\AppData\Local\Temp\ab9cd59d789e6c7841b9d28689743e700d492b5fae1606f184889cc7e6acadcc.exe
"C:\Users\Admin\AppData\Local\Temp\ab9cd59d789e6c7841b9d28689743e700d492b5fae1606f184889cc7e6acadcc.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2488

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:21120

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s fdPHost
1⤵
PID:21380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2488-0-0x000001F620280000-0x000001F62028E000-memory.dmp

Filesize
56KB

Download
memory/2488-1-0x00007FF8E5210000-0x00007FF8E5BFC000-memory.dmp

Filesize
9.9MB

Download
memory/2488-2-0x000001F63A7D0000-0x000001F63A7E0000-memory.dmp

Filesize
64KB

Download
memory/2488-5-0x00007FF8E5210000-0x00007FF8E5BFC000-memory.dmp

Filesize
9.9MB

Download