35f8f54e3417795e8d1d7262b0542792ba692a2f44a71ae10e71fc5173bd6d49

Analysis

max time kernel
150s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ebafcbe769f7d1c80fed51d42f16e5f.exe
Size

357KB
MD5

7ebafcbe769f7d1c80fed51d42f16e5f
SHA1

ff83ba0d02351c1bcfa1f88e361560db9d4609ee
SHA256

35f8f54e3417795e8d1d7262b0542792ba692a2f44a71ae10e71fc5173bd6d49
SHA512

367727f471ad5780d1116bbfe8d56d012b5244f2f797d60865902fb67ad97504615b1144e1039ae2495dd70159052f239dc9f68c8ba3707a75d430ad73d36a44
SSDEEP

6144:Vu+kBmWicfSPyXTnkl+r+MHLt8TaggWQI9T1S0osk:VAmWip2TnGC+MHL2mgiIF1S0

Score

6^/10

persistence

Malware Config

Signatures

Modifies WinLogon 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\b5cc58c7 = "NWI@v]Û{PŒÆ\u00a0\x10›p\x11LeM˜Ñü¡©\x12–,¹˜<ÈÕuÐ\aÕ£Xó\"7Ø\x0e[03öùTrLÜ{Í\x14ý\x1c¸\u00ad¨ï4/Åp—\x14d8€\u00ady\x05\u008dr\r”™åueìe©\\\x12¥¥Iò½‰U\x1a°\u00ad%•ø\x05Œ¼Uh\u0081E\x04ìÅ\t\x02mù\tUm0Ä°\x18(H\r9¨ñ\u008dÉ"	7ebafcbe769f7d1c80fed51d42f16e5f.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1396	7ebafcbe769f7d1c80fed51d42f16e5f.exe

C:\Users\Admin\AppData\Local\Temp\7ebafcbe769f7d1c80fed51d42f16e5f.exe
"C:\Users\Admin\AppData\Local\Temp\7ebafcbe769f7d1c80fed51d42f16e5f.exe"
1⤵
- Modifies WinLogon
- Suspicious use of AdjustPrivilegeToken
PID:1396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1396-1-0x0000000002290000-0x000000000233A000-memory.dmp

Filesize
680KB

Download
memory/1396-2-0x00000000027E0000-0x0000000002899000-memory.dmp

Filesize
740KB

Download
memory/1396-4-0x00000000027E0000-0x0000000002899000-memory.dmp

Filesize
740KB

Download
memory/1396-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1396-7-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/1396-8-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/1396-9-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1396-11-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/1396-12-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/1396-15-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/1396-16-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/1396-18-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/1396-19-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/1396-22-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/1396-23-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/1396-25-0x00000000026B0000-0x00000000026B1000-memory.dmp

Filesize
4KB

Download
memory/1396-29-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1396-30-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/1396-32-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/1396-33-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/1396-36-0x0000000002700000-0x0000000002701000-memory.dmp

Filesize
4KB

Download
memory/1396-37-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/1396-39-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/1396-41-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/1396-44-0x0000000002730000-0x0000000002731000-memory.dmp

Filesize
4KB

Download
memory/1396-45-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/1396-47-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/1396-51-0x00000000027E0000-0x0000000002899000-memory.dmp

Filesize
740KB

Download
memory/1396-50-0x0000000077BF2000-0x0000000077BF3000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads