bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522

Analysis

max time kernel
168s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-04-2024 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.exe
Size

1.7MB
MD5

59cb69a08fdd9cb4b0539e3356df1d4d
SHA1

0c773a0a76f821780c002d527bee387b98904569
SHA256

bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522
SHA512

51d4f3d396d183bc5dcaaa0a26cf024fade9b5e5c0e73e1d2ee7663ba26bc55e799beb488d5bab8d8252147b33df6ea1209ebd730124a919940e899758842ec2
SSDEEP

24576:u7FUDowAyrTVE3U5Fg23TD2D+Fz3ifFUwo433RfFcdnOtksSm:uBuZrEUWq0t9D7l

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp

pid process

4840 bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp

Loads dropped DLL 3 IoCs

Processes:

bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp

pid	process
4840	bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp
4840	bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp
4840	bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp

description pid process

Token: SeDebugPrivilege 4840 bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp

description	pid	process
Token: SeDebugPrivilege	4840	bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.exe

description	pid	process	target process
PID 1604 wrote to memory of 4840	1604	bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.exe	bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp
PID 1604 wrote to memory of 4840	1604	bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.exe	bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp
PID 1604 wrote to memory of 4840	1604	bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.exe	bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp

C:\Users\Admin\AppData\Local\Temp\bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.exe
"C:\Users\Admin\AppData\Local\Temp\bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1604

C:\Users\Admin\AppData\Local\Temp\is-AEHBN.tmp\bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp
"C:\Users\Admin\AppData\Local\Temp\is-AEHBN.tmp\bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp" /SL5="$60040,890440,866304,C:\Users\Admin\AppData\Local\Temp\bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-AEHBN.tmp\bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522.tmp

Filesize
3.1MB

MD5
29ca787f3a0d83846b7318d02fccb583

SHA1
b3688c01bef0e9f1fe62dc831926df3ca92b3778

SHA256
746b972e21acb59e4086b5b25fe53ef2cddcecfa94dd56ad68c8e5bab9960c3c

SHA512
a6c21bf5590dc91a5d9bc729d9c04c20b54341d3270efd2fb7d2b548d7dc7b23a1a351147a07dfd569e901a608cb44533304de10725cb02fec781cada80b8e3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GMKEA.tmp\Nord.Setup.dll

Filesize
40KB

MD5
b18bd486c5718397bc65d77a16ce2593

SHA1
58fe73e27c5c04e6915c5358f698f7fe8c2b5af8

SHA256
0bbf32b0553ca1292602e8c2c0458e075fdee2c8b6ef8ea81e924a86bc065f3c

SHA512
f4ffa1c8983914c41657fecc11c9324caa5899ad875b9687da8ffcf79ab189f19d6f926e16f09f240de9e6b22e26691fae785ed95657af310de5bf6c58ce8e0e

Download Submit
memory/1604-26-0x0000000000400000-0x00000000004E1000-memory.dmp

Filesize
900KB

Download
memory/1604-0-0x0000000000400000-0x00000000004E1000-memory.dmp

Filesize
900KB

Download
memory/4840-5-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/4840-18-0x00000000036C0000-0x00000000036D0000-memory.dmp

Filesize
64KB

Download
memory/4840-22-0x0000000003760000-0x0000000003770000-memory.dmp

Filesize
64KB

Download
memory/4840-23-0x0000000074730000-0x0000000074740000-memory.dmp

Filesize
64KB

Download
memory/4840-24-0x0000000073E90000-0x0000000074640000-memory.dmp

Filesize
7.7MB

Download
memory/4840-25-0x0000000006980000-0x0000000006EAC000-memory.dmp

Filesize
5.2MB

Download
memory/4840-27-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4840-30-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/4840-31-0x00000000036C0000-0x00000000036D0000-memory.dmp

Filesize
64KB

Download
memory/4840-32-0x0000000073E90000-0x0000000074640000-memory.dmp

Filesize
7.7MB

Download