e2e0b07cf6f82a50a7875022f5d3bf13ccd0b8e25d5d23a884ad5eb18ca8d306

Resubmissions

09/04/2024, 02:52

240409-dc1rssfh6x 8

09/04/2024, 02:49

240409-da6v2acc46 3

09/04/2024, 02:45

240409-c8yrmscb55 7

09/04/2024, 02:41

240409-c6xfssff6v 1

Analysis

max time kernel
133s
max time network
140s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09/04/2024, 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unconfirmed 786937.exe
Size

2.9MB
MD5

dc29dd92582fe161658ceea65e314239
SHA1

22cbba5817885e3bd99470cfda7a49a7aa005a65
SHA256

e2e0b07cf6f82a50a7875022f5d3bf13ccd0b8e25d5d23a884ad5eb18ca8d306
SHA512

0ca785098d55efa83b1bebac71cc9d926661d67eb0dba85db3afdcf54653c1e9902f74a2e094c1ee1b0645833216b9653e71d354fdbfa5e8ec43ab149c4ff413
SSDEEP

24576:yJyn9l7TSInUrer2lTL2Kk8cfLDxvqGos7S8m657w6ZBLmkitKqBCjC0PDgM5A4C:9Ka29L218cvxiVV1BCjBknWo

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3708	Unconfirmed 786937.exe
4012	Unconfirmed 786937.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3708	Unconfirmed 786937.exe
Token: SeDebugPrivilege	4012	Unconfirmed 786937.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3708	Unconfirmed 786937.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 4012	3708	Unconfirmed 786937.exe	74
PID 3708 wrote to memory of 4012	3708	Unconfirmed 786937.exe	74
PID 3708 wrote to memory of 4012	3708	Unconfirmed 786937.exe	74

C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe
"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe
  "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe" --monitor 1804
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Unconfirmed 786937.exe.log

Filesize
2KB

MD5
7f9a10c6953364b8d1b32898e6c74536

SHA1
00a5d4e2e767ea2b8240fa630e0002391c1a85cc

SHA256
1a1bfc08345eb1e5f5b225db4e255b9643f68af570af82f6850d198de4d7075d

SHA512
00bf73f4c444bf92b4b7e6edbc15082a778e00c3a42d1de23a2d4ef3442fef5af06304a71609cb4a1b6c4f2c803f272cb8340e012fc3632c3b4f75c1b85c7e81

Download Submit
memory/3708-31-0x0000000073870000-0x0000000073F5E000-memory.dmp

Filesize
6.9MB

Download
memory/3708-11-0x0000000008B20000-0x0000000008B42000-memory.dmp

Filesize
136KB

Download
memory/3708-3-0x0000000005230000-0x00000000052E0000-memory.dmp

Filesize
704KB

Download
memory/3708-4-0x0000000005B70000-0x0000000005BC6000-memory.dmp

Filesize
344KB

Download
memory/3708-5-0x0000000006410000-0x0000000006448000-memory.dmp

Filesize
224KB

Download
memory/3708-0-0x0000000000480000-0x0000000000760000-memory.dmp

Filesize
2.9MB

Download
memory/3708-7-0x00000000028A0000-0x00000000028B0000-memory.dmp

Filesize
64KB

Download
memory/3708-24-0x00000000028A0000-0x00000000028B0000-memory.dmp

Filesize
64KB

Download
memory/3708-2-0x00000000028A0000-0x00000000028B0000-memory.dmp

Filesize
64KB

Download
memory/3708-9-0x0000000006670000-0x0000000006678000-memory.dmp

Filesize
32KB

Download
memory/3708-10-0x00000000066E0000-0x0000000006724000-memory.dmp

Filesize
272KB

Download
memory/3708-12-0x0000000008FD0000-0x0000000009320000-memory.dmp

Filesize
3.3MB

Download
memory/3708-13-0x00000000093F0000-0x0000000009482000-memory.dmp

Filesize
584KB

Download
memory/3708-14-0x0000000009A90000-0x0000000009F8E000-memory.dmp

Filesize
5.0MB

Download
memory/3708-15-0x00000000028A0000-0x00000000028B0000-memory.dmp

Filesize
64KB

Download
memory/3708-20-0x0000000073870000-0x0000000073F5E000-memory.dmp

Filesize
6.9MB

Download
memory/3708-21-0x00000000028A0000-0x00000000028B0000-memory.dmp

Filesize
64KB

Download
memory/3708-1-0x0000000073870000-0x0000000073F5E000-memory.dmp

Filesize
6.9MB

Download
memory/4012-6-0x0000000073870000-0x0000000073F5E000-memory.dmp

Filesize
6.9MB

Download
memory/4012-23-0x0000000004BC0000-0x0000000004BD0000-memory.dmp

Filesize
64KB

Download
memory/4012-28-0x0000000073870000-0x0000000073F5E000-memory.dmp

Filesize
6.9MB

Download
memory/4012-22-0x0000000073870000-0x0000000073F5E000-memory.dmp

Filesize
6.9MB

Download
memory/4012-8-0x0000000004BC0000-0x0000000004BD0000-memory.dmp

Filesize
64KB

Download