Analysis
-
max time kernel
149s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
22/04/2024, 03:42
General
-
Target
d496819c36d895045dc62bacc4be623d9f84a9bfa8889f9bad978905c2ca7f50.exe
-
Size
408KB
-
MD5
a26f0a1827be1ecbd0cd62e8c3b6b07a
-
SHA1
ecf6efb8a8282fcc4546501470188ba803cdb23d
-
SHA256
d496819c36d895045dc62bacc4be623d9f84a9bfa8889f9bad978905c2ca7f50
-
SHA512
60a105dc5b52ce4940a945a34068cb9a66b5af3c16f36277ecfc4789062db9514c85da677f4d69650de366d8c442611c322f2c807701685438e0bff85efe9640
-
SSDEEP
3072:CEGh0o/l3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGhldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d496819c36d895045dc62bacc4be623d9f84a9bfa8889f9bad978905c2ca7f50.exe"C:\Users\Admin\AppData\Local\Temp\d496819c36d895045dc62bacc4be623d9f84a9bfa8889f9bad978905c2ca7f50.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8D75FC72-089E-4b93-91A3-0C6F1F273B38}.exeC:\Windows\{8D75FC72-089E-4b93-91A3-0C6F1F273B38}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{59FB7195-8D95-4ff4-B252-A891FA945AB3}.exeC:\Windows\{59FB7195-8D95-4ff4-B252-A891FA945AB3}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{74A2271E-C3C9-4a1c-A1EF-A68172A20945}.exeC:\Windows\{74A2271E-C3C9-4a1c-A1EF-A68172A20945}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{87EBE736-FC35-49b8-BBB2-2D51164BA511}.exeC:\Windows\{87EBE736-FC35-49b8-BBB2-2D51164BA511}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{383D6EB8-F596-4742-A196-D2672E8A70DC}.exeC:\Windows\{383D6EB8-F596-4742-A196-D2672E8A70DC}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8269899E-691A-41ff-9AA3-90F584CF0DA2}.exeC:\Windows\{8269899E-691A-41ff-9AA3-90F584CF0DA2}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{21B7C9EB-1828-49c1-9C59-70646C5A9CAF}.exeC:\Windows\{21B7C9EB-1828-49c1-9C59-70646C5A9CAF}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9D977860-0464-47ad-BA5E-7FA8B6531D57}.exeC:\Windows\{9D977860-0464-47ad-BA5E-7FA8B6531D57}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DD35B066-4B38-4c0c-B6C4-5CBE752C53C9}.exeC:\Windows\{DD35B066-4B38-4c0c-B6C4-5CBE752C53C9}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{36F6BA7A-AB60-4f43-8866-4500743AAFC4}.exeC:\Windows\{36F6BA7A-AB60-4f43-8866-4500743AAFC4}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{44B288B9-FE6B-4654-8B6E-65609BBD4147}.exeC:\Windows\{44B288B9-FE6B-4654-8B6E-65609BBD4147}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B9F0CD23-E67A-4b10-97F6-9EC56758C607}.exeC:\Windows\{B9F0CD23-E67A-4b10-97F6-9EC56758C607}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{44B28~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{36F6B~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DD35B~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9D977~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{21B7C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{82698~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{383D6~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{87EBE~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{74A22~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{59FB7~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8D75F~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\D49681~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5ff1b0b904f41f9f8e167f6c02ac4ad2a
SHA198cad6d16b27aedff81acc59093af47d1d2b6654
SHA2564519ea3532a76e0478c3f888546fa0b27fa9cfeef903a76b2eacac8a9e5b924c
SHA512733e6e952d02287ace1287a6df3524c5e78aeb8d003fd54700a4f8bb804557e2d946f8b7424d6012c77adde9402593f52f63735b6b3eb83061c7970ca0362939
-
Filesize
408KB
MD54c054c0555661ef655aa2f81e8bd11fe
SHA1b2921a03bb6f8c70841669646f2b8b51310b1052
SHA25612a164c99caf5bad56232dfafa35bbf4feee276f86bcada90475c4aa0c12974f
SHA512537deda8ff4de465f4ad8f31d038b94ad147cb646b9fb7080cc4d65b1cd2e87f4bfe698b9df86b911c478a7f919f0ad99830002207f85a9d2ef184dda2902353
-
Filesize
408KB
MD55ccc2ad3b9fccd43d57e2c2f4f7f396c
SHA1196017183a621fd5acd277d6feed082746e73b88
SHA256b21d4185fcca8b34062e67e597d32e58be8a147a8681d445cea38c95630e89ef
SHA51254495c52500732a1abfe14d139f1d9c3573ea4fb575f55a5ea224e87fba6ad2884a5895aa46625e7d068518d3a5bf18fcda67043df794ed842fa10a3a3362ef9
-
Filesize
408KB
MD51b9d2d72481f9b19eb99fab95aaf69cf
SHA190ee34430771022ffbf497ad87c271e5098d8622
SHA256f77e5ce4c1e6bf0b8448e26f5b0c36f4432db86cb7c5a180a2f2ca161edb17da
SHA5124bc0505d7d34575801497ebfc0ba837f07fb066c6599a0a0ed3fa119c30fdd21bb7eb9046b15bab852415b1e22bf5648a8ed3d41d2441ae2306ea72b21145394
-
Filesize
408KB
MD53e7dc7d0842a1da5b634f01da0e10006
SHA198ac21fbd642fdcc3656a26849aae5db049358f4
SHA256c7e127dfd75b7db4b34d50a549a171ac8665c8eff4d4ad6e0d1509cfb5c9e315
SHA512994fbbb6e83cf1d1ff8e065103c767745b6175b952bd1e3b6965c870780760042fd88a7ab62d47ef1f82f21ead0fde5124a1092fc3103018739d24b0fda2f6fa
-
Filesize
408KB
MD5b53267b1cb0b2eed1fb529cdf7277dd4
SHA13262cd52d559cbf5b7144f10a88b95d16c273153
SHA256025d8fddc9833676c61934df1a9a0671e9f1040465134f1ff46ac43a6d1c47a1
SHA51223e07d960b788c1706ed1052f6fa55fd298a33765f574522fb6ef1c0696b993626ac9b4c121a78ecc7032c104bf00510d3b321d33c8c70791eafb2151ae5a440
-
Filesize
408KB
MD5af8d4c4cfd3e6ec0603790eedab7825f
SHA1c23037a4318884816c3ffc8754f1528b9f6d6d5d
SHA256aa99ffc7253bda7c5a8fecf2a9224adda155b0ffffe7de51bb96d652b3472301
SHA512481a41bc90b057315de76ed2f9304ff600462d24d97c8eecde0fb0e5444c231beb079e3d46e40393bbbbe6becb42a824114d8ed4c93db6fd72d586fa60754230
-
Filesize
408KB
MD52647baac7cd1d7c886f629ca57b47e1c
SHA1f2b8d8001b2d890d63abc2b40b4c9aa29debb612
SHA256460f9e550f196dc500b17231620ce94d2429c3dfac29422e23fb30e63356d508
SHA512704e030bb4b55c671e2dc4de98d71f68f5a4724d67b2c23277e09d828936ed03e3a954e03817c73d3c9ef0e5838a15444b66568ae29e7c67ec746754af5530ec
-
Filesize
408KB
MD577ce08ec27919d717e940a03356b4299
SHA16bc792d477d48c7ccf4738b0562761f241fc6570
SHA256ec2ff3a8d4a93738a3b0d26f58fffe1e71e3cc12eedd359a35a9e3f297bafc80
SHA5127bc54e213e210376dfb9b11b0833bb4e6621eed8fdc0300b611170fe735156095ced69b7c364edba01e252b53f6ee1a30462e63ef9555b5df4d896d4d20c2ad4
-
Filesize
408KB
MD5594b55522c33f2ab5c0e142d022ddc33
SHA1f77bdbcfce3850a3f8a223ab1cd052d02904777a
SHA256eb8605f76dfb4f7e72e1fe16acd87d091e2c8a7ccd1a51bdfeb562b950b61886
SHA5121ff8b999d1d1fac6ab98b54fcc85fd47160751729b5dd34263be7013093c56b7c974a3891d6aaadf2aca52fff335909ca9efc36fc51a5bdd31eaa1e9cbc6f7f9
-
Filesize
408KB
MD5720793081e02e94784d6efb83dc9b180
SHA17738f08ac0a8896e761e86df11c991636891e645
SHA256f8566b2930221e72760cf7e1167f32d352933f1b55e13e090643a72d6f4ef71f
SHA51246b81b82a99f6ad1bffeabf75e4aa269e5601199e614b0713868a7c2ca39458aa89df09a6839d5bcaf05d165f5d63278e92b20f9c48abc5a9526020595b9a548
-
Filesize
408KB
MD5d23ba055df5e5f8ff42ff66e948e5df6
SHA1601044fe32f826a36685facd058cc13c3ba39842
SHA256b2e862a71c389a3365c474807e6c8db2f941f2b2372212f63d75ce4fcb17b64c
SHA5126a164329d2d9403f26f332b21fbf27d90a1348e8f0d5efb194caf65292f980f9662e9b01673c1be51a72d6fe3d23aa5de0dba62116267263cfe012a32a376631