e2e0b07cf6f82a50a7875022f5d3bf13ccd0b8e25d5d23a884ad5eb18ca8d306

Resubmissions

09/04/2024, 02:52

240409-dc1rssfh6x 8

09/04/2024, 02:49

240409-da6v2acc46 3

09/04/2024, 02:45

240409-c8yrmscb55 7

09/04/2024, 02:41

240409-c6xfssff6v 1

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unconfirmed 786937.exe
Size

2.9MB
MD5

dc29dd92582fe161658ceea65e314239
SHA1

22cbba5817885e3bd99470cfda7a49a7aa005a65
SHA256

e2e0b07cf6f82a50a7875022f5d3bf13ccd0b8e25d5d23a884ad5eb18ca8d306
SHA512

0ca785098d55efa83b1bebac71cc9d926661d67eb0dba85db3afdcf54653c1e9902f74a2e094c1ee1b0645833216b9653e71d354fdbfa5e8ec43ab149c4ff413
SSDEEP

24576:yJyn9l7TSInUrer2lTL2Kk8cfLDxvqGos7S8m657w6ZBLmkitKqBCjC0PDgM5A4C:9Ka29L218cvxiVV1BCjBknWo

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1716	Unconfirmed 786937.exe
2452	Unconfirmed 786937.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1716	Unconfirmed 786937.exe
Token: SeDebugPrivilege	2452	Unconfirmed 786937.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2452	1716	Unconfirmed 786937.exe	89
PID 1716 wrote to memory of 2452	1716	Unconfirmed 786937.exe	89
PID 1716 wrote to memory of 2452	1716	Unconfirmed 786937.exe	89

C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe
"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe
  "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe" --monitor 1872
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1716-10-0x0000000006760000-0x0000000006768000-memory.dmp

Filesize
32KB

Download
memory/1716-9-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/1716-2-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/1716-3-0x00000000052D0000-0x0000000005380000-memory.dmp

Filesize
704KB

Download
memory/1716-4-0x0000000005B00000-0x0000000005B56000-memory.dmp

Filesize
344KB

Download
memory/1716-5-0x00000000063F0000-0x0000000006428000-memory.dmp

Filesize
224KB

Download
memory/1716-1-0x00000000003B0000-0x0000000000690000-memory.dmp

Filesize
2.9MB

Download
memory/1716-12-0x0000000008C60000-0x0000000008C82000-memory.dmp

Filesize
136KB

Download
memory/1716-11-0x00000000087A0000-0x00000000087E4000-memory.dmp

Filesize
272KB

Download
memory/1716-25-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/1716-0-0x00000000753F0000-0x0000000075BA0000-memory.dmp

Filesize
7.7MB

Download
memory/1716-26-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/1716-6-0x00000000063C0000-0x00000000063CE000-memory.dmp

Filesize
56KB

Download
memory/1716-13-0x0000000009750000-0x00000000097E2000-memory.dmp

Filesize
584KB

Download
memory/1716-14-0x0000000009DA0000-0x000000000A344000-memory.dmp

Filesize
5.6MB

Download
memory/1716-15-0x0000000009900000-0x0000000009C54000-memory.dmp

Filesize
3.3MB

Download
memory/1716-16-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/1716-21-0x00000000753F0000-0x0000000075BA0000-memory.dmp

Filesize
7.7MB

Download
memory/1716-22-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/2452-7-0x00000000753F0000-0x0000000075BA0000-memory.dmp

Filesize
7.7MB

Download
memory/2452-24-0x0000000005000000-0x0000000005010000-memory.dmp

Filesize
64KB

Download
memory/2452-23-0x00000000753F0000-0x0000000075BA0000-memory.dmp

Filesize
7.7MB

Download
memory/2452-8-0x0000000005000000-0x0000000005010000-memory.dmp

Filesize
64KB

Download