Overview

overview

8

Static

static

3

c83f5af023...f0.exe

windows7-x64

8

c83f5af023...f0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/04/2024, 02:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c83f5af0237f0f5b624a5f7917b475f77417be141c188c94fb113b13441fc7f0.exe

  • Size

    89KB

  • MD5

    5c1b52d0260ac8c8bad8eaadb2ebcf2b

  • SHA1

    2ba82c58b29187280fd2c3fa4135d5a9e21dec41

  • SHA256

    c83f5af0237f0f5b624a5f7917b475f77417be141c188c94fb113b13441fc7f0

  • SHA512

    3483db971c72c551583432556557aaf6c96338c75af9bfb4adf81beb64c8801be94ce5bbdddd3d711cd81528aade75a8d3b0d324387244b852badf60a191020e

  • SSDEEP

    768:Qvw9816vhKQLrop4/wQRNrfrunMxVFA3b7gl5:YEGh0opl2unMxVS3HgX

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 24 IoCs
    persistence
  • Executes dropped EXE 12 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c83f5af0237f0f5b624a5f7917b475f77417be141c188c94fb113b13441fc7f0.exe
    "C:\Users\Admin\AppData\Local\Temp\c83f5af0237f0f5b624a5f7917b475f77417be141c188c94fb113b13441fc7f0.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Windows\{155D1377-0448-498b-93A2-55978C59B173}.exe
      C:\Windows\{155D1377-0448-498b-93A2-55978C59B173}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4520
      • C:\Windows\{06D0D67D-0ED8-40fa-A4CC-F6BC28BC71AD}.exe
        C:\Windows\{06D0D67D-0ED8-40fa-A4CC-F6BC28BC71AD}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4768
        • C:\Windows\{92F9F56C-25B8-499c-9949-2C629F206835}.exe
          C:\Windows\{92F9F56C-25B8-499c-9949-2C629F206835}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:968
          • C:\Windows\{B5D5C966-AC01-457a-B749-838366FB065A}.exe
            C:\Windows\{B5D5C966-AC01-457a-B749-838366FB065A}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:5000
            • C:\Windows\{D8E60AFD-D2BB-4407-B10C-CB0CB32247C7}.exe
              C:\Windows\{D8E60AFD-D2BB-4407-B10C-CB0CB32247C7}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3040
              • C:\Windows\{3F32C732-1145-4b5b-BEFC-99F20C4ED80E}.exe
                C:\Windows\{3F32C732-1145-4b5b-BEFC-99F20C4ED80E}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:3652
                • C:\Windows\{2EC1196B-0312-4dcf-9E0F-F00064AABE87}.exe
                  C:\Windows\{2EC1196B-0312-4dcf-9E0F-F00064AABE87}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4152
                  • C:\Windows\{FE868E72-7FCA-4549-B39D-02F1BADE6BCB}.exe
                    C:\Windows\{FE868E72-7FCA-4549-B39D-02F1BADE6BCB}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2632
                    • C:\Windows\{5CAB0878-8D0D-4b57-925D-1A2A6D918319}.exe
                      C:\Windows\{5CAB0878-8D0D-4b57-925D-1A2A6D918319}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:3136
                      • C:\Windows\{DE777E37-B003-4385-8C91-DBBDA6CFC2F2}.exe
                        C:\Windows\{DE777E37-B003-4385-8C91-DBBDA6CFC2F2}.exe
                        11⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:224
                        • C:\Windows\{6A3EBC30-4963-41db-BFCB-A360E3C50676}.exe
                          C:\Windows\{6A3EBC30-4963-41db-BFCB-A360E3C50676}.exe
                          12⤵
                          • Modifies Installed Components in the registry
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:3768
                          • C:\Windows\{69217530-D852-4fa4-99CB-7A0F1950EE1F}.exe
                            C:\Windows\{69217530-D852-4fa4-99CB-7A0F1950EE1F}.exe
                            13⤵
                            • Executes dropped EXE
                            PID:4388
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{6A3EB~1.EXE > nul
                            13⤵
                              PID:3616
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{DE777~1.EXE > nul
                            12⤵
                              PID:848
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{5CAB0~1.EXE > nul
                            11⤵
                              PID:2784
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{FE868~1.EXE > nul
                            10⤵
                              PID:3400
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{2EC11~1.EXE > nul
                            9⤵
                              PID:2372
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{3F32C~1.EXE > nul
                            8⤵
                              PID:4352
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{D8E60~1.EXE > nul
                            7⤵
                              PID:4384
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{B5D5C~1.EXE > nul
                            6⤵
                              PID:2784
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{92F9F~1.EXE > nul
                            5⤵
                              PID:2856
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{06D0D~1.EXE > nul
                            4⤵
                              PID:2340
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Windows\{155D1~1.EXE > nul
                            3⤵
                              PID:3628
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\C83F5A~1.EXE > nul
                            2⤵
                              PID:1416

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Windows\{06D0D67D-0ED8-40fa-A4CC-F6BC28BC71AD}.exe
                            Filesize

                            89KB

                            MD5

                            2bc82c69fe748750d2c99a10c3654704

                            SHA1

                            f64bf6ea13313391ec4980e1583f3bef3af75539

                            SHA256

                            74583631e88dcf904fbb6a0389ec87302d4dffea001dbe5abe5c1a13c69aec6b

                            SHA512

                            6a132ae3acc2bfc7866520eca4f555f197a4be6658f5f06b60eaa4aeb6c7ac4284c0164fb1507160c09a66af39752c1ef1f29d68a5c95535421f35dda0afb86b

                            Download Submit

                          • C:\Windows\{155D1377-0448-498b-93A2-55978C59B173}.exe
                            Filesize

                            89KB

                            MD5

                            a76830bae818e8a60747fc845db90fe2

                            SHA1

                            78da901929f40024bda0566cfa1a3427672c3c1b

                            SHA256

                            8e44c8d1fa48c6e8411668adcf51ebe633254131ada518022fe6ed3c77831dbd

                            SHA512

                            216854073b6abcf0faff0495f1749344cf67a36e040e2a9ff780b50882d084dd378b8ce9b4fef0719e975d0458df285bd472c5c2122ddb9783e55fa81ad30425

                            Download Submit

                          • C:\Windows\{2EC1196B-0312-4dcf-9E0F-F00064AABE87}.exe
                            Filesize

                            89KB

                            MD5

                            c55c93f616004a5d96d32af1892a79ae

                            SHA1

                            a97563024e7e1415a8daef0f4ed90dfaf6e7d1f0

                            SHA256

                            35cc154cef1a778f8f0b625f7867174489bf11bde48c8c9b51c508425a426cf2

                            SHA512

                            ca8c18f34e389e5a8a57730b87537e819c279accb5f7016b1ce799a8e11d83f8a4bb096bfb44744b65e7a968c9487f3195c93918e62141f3e73beed2d1ad0305

                            Download Submit

                          • C:\Windows\{3F32C732-1145-4b5b-BEFC-99F20C4ED80E}.exe
                            Filesize

                            89KB

                            MD5

                            00cf9c6ea3e29f65c3ff0ab5420c4446

                            SHA1

                            0c3ab65e76f7af74320523a7256587c5b4da15df

                            SHA256

                            4ad9dd09e95e1deb18ef1706debfcfbf3ff0ca373810f09d701a676540bd4cb7

                            SHA512

                            fee64629a4aea6b01025ceaa82b44faaee7fc40b0f8c359617000cfb03b969e437a8d276ab3de427dad9c866af2a427753b4582e584c12f47b85b1e2dce0ee5a

                            Download Submit

                          • C:\Windows\{5CAB0878-8D0D-4b57-925D-1A2A6D918319}.exe
                            Filesize

                            89KB

                            MD5

                            7e4d0dd9d208cfd3cdbbbf1bf4bc8027

                            SHA1

                            575bbed6fdae2959ecea138a9bb4fb7506b6c2c1

                            SHA256

                            26fd1960c3aba9c3b5462755379eb6b8c0c9e427a2e3856ed4bbef23947b6fa3

                            SHA512

                            10eb08290f5dc70e32466bccaf20493799202fe821cda6f17212a55146740095257587a945ff236233837e48db40120f32864a5e3a7b139ae4946198140c179d

                            Download Submit

                          • C:\Windows\{69217530-D852-4fa4-99CB-7A0F1950EE1F}.exe
                            Filesize

                            89KB

                            MD5

                            f63b81a86177857d11a176f049973cbb

                            SHA1

                            5021e5daf52f5c22fd983a05307e9de72219e0ed

                            SHA256

                            6a3497bc8c3161a0cb2be7a7f4851f8226cd44f1a6edf68bf6ca09cc6b3e3c16

                            SHA512

                            81410e24aa0b3d5b60815c1747fce0ce74f5b955b5870cf9c0ab0cbb468ba298da217f9a02f7da356b684cc8a7f9a48b11927e81e902d44cd3e7546ec7dbb6c6

                            Download Submit

                          • C:\Windows\{6A3EBC30-4963-41db-BFCB-A360E3C50676}.exe
                            Filesize

                            89KB

                            MD5

                            c0c1f8f1efa3ddaf10d849098acc807c

                            SHA1

                            a7630ab7000b8a64c437d89b1d587c48809fbb51

                            SHA256

                            9e39c1039c203360b15afd820d3cdb1f73642030ad2ea5f5ba8c96b94f711a73

                            SHA512

                            30d2abb82a2fd45c5c2324bc85655c30ed4b4c6e1d93eb4ca574582de9dc3183427f3bb3c0e14e346e149e2d35c5aeab797c05ffe18c71a52705e9923bbd2033

                            Download Submit

                          • C:\Windows\{92F9F56C-25B8-499c-9949-2C629F206835}.exe
                            Filesize

                            89KB

                            MD5

                            ba9875a5bca23a2b185f9de78ae84d8b

                            SHA1

                            0ee742d0d12975cf6b0d8db7e966fbed9563605b

                            SHA256

                            edf17962e838f0b913023b97fd0df030536e88be0395c26b4fbdad985ba1f7a5

                            SHA512

                            78d598704894f6210fd6d1c786732ebff6103d2aa098249cc81105f07c6566b0e802ad96f13d5fda74b8115a83b9efde978c4b1a3f306a1e6d4d2d0cfb6a56d4

                            Download Submit

                          • C:\Windows\{B5D5C966-AC01-457a-B749-838366FB065A}.exe
                            Filesize

                            89KB

                            MD5

                            d9da04cbe7e53dff9a3bbb8121840fd7

                            SHA1

                            026b26c423fbaa7e6da38051d49a607a95ff9b28

                            SHA256

                            934f5127a2a684f4f0bd4a813472fcf21e12ba327a58147bebaa651e5ed8b821

                            SHA512

                            45ce211f1d9bafe2874830b9d9c05c10c092fc02e484f7c6cb3bf5e026df9032b5323e347584a885c1e4b6f3e38193375458983103e090964f00fe9740b06a8e

                            Download Submit

                          • C:\Windows\{D8E60AFD-D2BB-4407-B10C-CB0CB32247C7}.exe
                            Filesize

                            89KB

                            MD5

                            e245409a7229290c9c96a27b5f1dfbed

                            SHA1

                            28674e0598f81c62dfad81877344c4edbd09e75c

                            SHA256

                            1312c8fd04e84e103c03bdf813868f2c8162d14986291711e2dd783390c47b53

                            SHA512

                            6cf4c40f686ffab7f329b4e8ba4ebc4a90e2713ad490fa4a40efbcdea8292d0c9860a9f698ce90c33b264086d1fdd2569f98b9146c49edb792773c2ac5f87462

                            Download Submit

                          • C:\Windows\{DE777E37-B003-4385-8C91-DBBDA6CFC2F2}.exe
                            Filesize

                            89KB

                            MD5

                            bf5a258545db3b3671e96335923d7d46

                            SHA1

                            9dbd410a746b2bf999ce1db102331a3bbfe6e890

                            SHA256

                            0b30866ba0d862d822917b6a4c9d637f173bef175a3b4164f3241c3f96ba40cb

                            SHA512

                            4a4b713078888294fe4723f65745664b2e7b913494b60750fc542ffd0491a73a46c2d02ff9b610e095af34073c15c9f2b7e43fbc6987f0913cb34b791c80107d

                            Download Submit

                          • C:\Windows\{FE868E72-7FCA-4549-B39D-02F1BADE6BCB}.exe
                            Filesize

                            89KB

                            MD5

                            538496f4639a10589598185a1cef72fe

                            SHA1

                            b705ccf06e75319843198fbfc9d5d3aaf21536d1

                            SHA256

                            35efdadc07e5ec37c0e5b58d2d8730cc5311901cdce970b6eeb5377c01d12f5f

                            SHA512

                            abb583a85fe5c18f543e64b84be3e21d94ccf2129dc5d4be02757ed7bb2d43950033a2fc03f61d7a635cb488d8d0d728296645e463f356247d61358949a9bfa0

                            Download Submit