05adaaab1536f2f78c397a71494b0b8c4d18dd7148848ac130d1e55086bf54a5

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CMC+ v8.exe
Size

4.4MB
MD5

6e35a3ca817ecc452342262ebc0fd318
SHA1

9c223e899ab56b49622d87613e5e09e35bafb1ed
SHA256

05adaaab1536f2f78c397a71494b0b8c4d18dd7148848ac130d1e55086bf54a5
SHA512

52045302b40b0c5fe88b427224a682ede616508dfca66a278e2dac8e245786b57d9cd843c90e3c96a22f30de27915998c1f516367defe98653da7b08ac023a1a
SSDEEP

98304:imVm658k48Tms1vYHIt7sVEA3Uj/gQfrYVDUkpF3:JVm7D4D1z7KkjZDYDp

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
3984	CMC+ v8.exe
3984	CMC+ v8.exe
3984	CMC+ v8.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5016	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5016	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3984	CMC+ v8.exe
3984	CMC+ v8.exe

C:\Users\Admin\AppData\Local\Temp\CMC+ v8.exe
"C:\Users\Admin\AppData\Local\Temp\CMC+ v8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3984

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gm_ttt_94422\D3DX8.dll

Filesize
484KB

MD5
74529599302a2e09c30b1e119a0709f2

SHA1
5990f60194ecafaf43340e44657d224f8d5682eb

SHA256
edfc5f86be36c2c509e4ad6ba3742bb5b2429a56de805a99771e24fec62b076a

SHA512
25d1c2bc15f5d20f3d69a2c20727e4e2cbb7086aa18ec535eea2a5766302b031c12b9139467b717537300e1497102b387dcc3f53ca5ff11f5301de672efe4b07

Download Submit
C:\Users\Admin\AppData\Local\Temp\gm_ttt_94422\shaderexttemp\shader.dll

Filesize
292KB

MD5
19685b1e54475f4952b1bfd28c0f37a4

SHA1
e7805bd034e1c30be1635520f40cbca4f980dad5

SHA256
33eb5273c3269b6be34aa5da679852eb4cb009f34dec5b86c735364f1f183d0e

SHA512
75abd546f65b315ec02d4ec5e66276bf4fd215c20e9f57e7c6bbd4336f31d8134d4d6f32e19f82826dc7473358c5187748ef4b575accf71a10d580acad32ed5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gm_ttt_94422\temp263\faucetforwarding.dll

Filesize
689KB

MD5
bb6cebd7ba380ff8df3617922675a290

SHA1
c7283f46c45b4a9b88a44371e85153e48c2c4353

SHA256
6364809449fb200735b59fd934e14970ee3be3755bc54ee11af2877b0974c13a

SHA512
be66e529c0a141093ca7d24c3405c5fe540da201700b8ad730e64b1177b78b03c909f9e12e4ca69ba8cba544d07b0736a899008a05f2f2dcd6d0ead5ecabdd99

Download Submit
memory/3984-0-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/3984-14-0x0000000000400000-0x000000000078A000-memory.dmp

Filesize
3.5MB

Download
memory/3984-15-0x000000006BF40000-0x000000006BFF4000-memory.dmp

Filesize
720KB

Download
memory/3984-24-0x0000000000400000-0x000000000078A000-memory.dmp

Filesize
3.5MB

Download
memory/3984-25-0x0000000000400000-0x000000000078A000-memory.dmp

Filesize
3.5MB

Download
memory/3984-26-0x0000000000400000-0x000000000078A000-memory.dmp

Filesize
3.5MB

Download
memory/3984-28-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/3984-29-0x0000000000400000-0x000000000078A000-memory.dmp

Filesize
3.5MB

Download
memory/3984-34-0x0000000000400000-0x000000000078A000-memory.dmp

Filesize
3.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads