b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef

Analysis

max time kernel
143s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
Size

46.1MB
MD5

e7cd705760309001e9cdfd9d33aabfa9
SHA1

f14bb1f004c425e9b7a89552386c5cb1d6b02ae9
SHA256

b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef
SHA512

e25bd745e138082b2288899649d57702a1cd26b75a71a20fd778021e7c27ee9b152f63039aaab80190deceed2b94667ad54056935e27e7dc8f13910b2dbffb47
SSDEEP

786432:Wwb93z3Cjdndlc2dynl5yoC/jhFz3CjdJ:WGgdK24yoC/j

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 43 IoCs

pid	Process
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
4032	b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe

C:\Users\Admin\AppData\Local\Temp\b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe
"C:\Users\Admin\AppData\Local\Temp\b561d67c2982629b2cd215076fbb65abd5a5850f13088c0fbea7a6d2115b5fef.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4032-0-0x0000000074BC0000-0x0000000075370000-memory.dmp

Filesize
7.7MB

Download
memory/4032-1-0x00000000008B0000-0x00000000036DA000-memory.dmp

Filesize
46.2MB

Download
memory/4032-2-0x0000000008650000-0x0000000008BF4000-memory.dmp

Filesize
5.6MB

Download
memory/4032-3-0x0000000008140000-0x00000000081D2000-memory.dmp

Filesize
584KB

Download
memory/4032-4-0x0000000008090000-0x00000000080A0000-memory.dmp

Filesize
64KB

Download
memory/4032-14-0x0000000008130000-0x000000000813A000-memory.dmp

Filesize
40KB

Download
memory/4032-16-0x0000000008090000-0x00000000080A0000-memory.dmp

Filesize
64KB

Download
memory/4032-17-0x000000000BC80000-0x000000000BD32000-memory.dmp

Filesize
712KB

Download
memory/4032-18-0x000000000A1D0000-0x000000000A1F2000-memory.dmp

Filesize
136KB

Download
memory/4032-19-0x000000000BD50000-0x000000000C0A4000-memory.dmp

Filesize
3.3MB

Download
memory/4032-20-0x000000000A4C0000-0x000000000A4F4000-memory.dmp

Filesize
208KB

Download
memory/4032-21-0x000000000C310000-0x000000000C3A8000-memory.dmp

Filesize
608KB

Download
memory/4032-22-0x000000000C3D0000-0x000000000C3EA000-memory.dmp

Filesize
104KB

Download
memory/4032-23-0x000000000C3F0000-0x000000000C3FA000-memory.dmp

Filesize
40KB

Download
memory/4032-24-0x000000000C400000-0x000000000C434000-memory.dmp

Filesize
208KB

Download
memory/4032-26-0x0000000008090000-0x00000000080A0000-memory.dmp

Filesize
64KB

Download
memory/4032-25-0x000000000C440000-0x000000000C44A000-memory.dmp

Filesize
40KB

Download
memory/4032-27-0x000000000C3C0000-0x000000000C3CE000-memory.dmp

Filesize
56KB

Download
memory/4032-28-0x000000000C450000-0x000000000C464000-memory.dmp

Filesize
80KB

Download
memory/4032-29-0x000000000C470000-0x000000000C492000-memory.dmp

Filesize
136KB

Download
memory/4032-30-0x000000000C9D0000-0x000000000CEFC000-memory.dmp

Filesize
5.2MB

Download
memory/4032-31-0x000000000C500000-0x000000000C50C000-memory.dmp

Filesize
48KB

Download
memory/4032-32-0x000000000C5A0000-0x000000000C5AE000-memory.dmp

Filesize
56KB

Download
memory/4032-33-0x000000000C460000-0x000000000C46A000-memory.dmp

Filesize
40KB

Download
memory/4032-34-0x000000000D2A0000-0x000000000D2AE000-memory.dmp

Filesize
56KB

Download
memory/4032-35-0x000000000D2C0000-0x000000000D2D0000-memory.dmp

Filesize
64KB

Download
memory/4032-36-0x000000000D2D0000-0x000000000D2DE000-memory.dmp

Filesize
56KB

Download
memory/4032-37-0x000000000D2E0000-0x000000000D2F4000-memory.dmp

Filesize
80KB

Download
memory/4032-38-0x000000000D300000-0x000000000D314000-memory.dmp

Filesize
80KB

Download
memory/4032-39-0x000000000D490000-0x000000000D4B6000-memory.dmp

Filesize
152KB

Download
memory/4032-40-0x000000000D4C0000-0x000000000D4DC000-memory.dmp

Filesize
112KB

Download
memory/4032-41-0x000000000D500000-0x000000000D558000-memory.dmp

Filesize
352KB

Download
memory/4032-42-0x000000000D5A0000-0x000000000D5AA000-memory.dmp

Filesize
40KB

Download
memory/4032-43-0x000000000D590000-0x000000000D598000-memory.dmp

Filesize
32KB

Download
memory/4032-44-0x000000000D700000-0x000000000D716000-memory.dmp

Filesize
88KB

Download
memory/4032-45-0x000000000D740000-0x000000000D748000-memory.dmp

Filesize
32KB

Download
memory/4032-46-0x000000000DD70000-0x000000000E388000-memory.dmp

Filesize
6.1MB

Download
memory/4032-47-0x000000000D7C0000-0x000000000D7CE000-memory.dmp

Filesize
56KB

Download
memory/4032-48-0x000000000D7E0000-0x000000000D7EC000-memory.dmp

Filesize
48KB

Download
memory/4032-49-0x000000000D800000-0x000000000D834000-memory.dmp

Filesize
208KB

Download
memory/4032-50-0x000000000D840000-0x000000000D862000-memory.dmp

Filesize
136KB

Download
memory/4032-51-0x000000000D860000-0x000000000D8A4000-memory.dmp

Filesize
272KB

Download
memory/4032-52-0x000000000D8B0000-0x000000000D8C0000-memory.dmp

Filesize
64KB

Download
memory/4032-55-0x000000000B890000-0x000000000B8A6000-memory.dmp

Filesize
88KB

Download
memory/4032-56-0x000000000DCE0000-0x000000000DCFE000-memory.dmp

Filesize
120KB

Download
memory/4032-57-0x0000000074BC0000-0x0000000075370000-memory.dmp

Filesize
7.7MB

Download
memory/4032-58-0x0000000008090000-0x00000000080A0000-memory.dmp

Filesize
64KB

Download
memory/4032-59-0x0000000008090000-0x00000000080A0000-memory.dmp

Filesize
64KB

Download
memory/4032-60-0x0000000008090000-0x00000000080A0000-memory.dmp

Filesize
64KB

Download