Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-05-2024 22:54

General

  • Target

    78044e38f1aa6a5a7362ac521b38b85ec5bc18225cbb8758f8ff3f0059b0f73c.exe

  • Size

    5.0MB

  • MD5

    a61a75f56e7443ef8439ea457a1f45b7

  • SHA1

    a1599a79e4304dcc71a35a5dd45fec55e5c16a50

  • SHA256

    78044e38f1aa6a5a7362ac521b38b85ec5bc18225cbb8758f8ff3f0059b0f73c

  • SHA512

    9ce501a4f3ccf7c8c241ac9c35653998876ffa2b3ff718523f2946e16dffdf4982de8b1d973bd1e08310c57812282c6f52480f9a83ad907f7842a2eee2131418

  • SSDEEP

    24576:eXhZnJDtw/Ig00ne0t0kI8zLHPH7saDjxCuGavNNK8fkVNE+qzmT1hhA5U56vTRN:3

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78044e38f1aa6a5a7362ac521b38b85ec5bc18225cbb8758f8ff3f0059b0f73c.exe
    "C:\Users\Admin\AppData\Local\Temp\78044e38f1aa6a5a7362ac521b38b85ec5bc18225cbb8758f8ff3f0059b0f73c.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Users\Admin\AppData\Local\Temp\78044e38f1aa6a5a7362ac521b38b85ec5bc18225cbb8758f8ff3f0059b0f73c.exe
      "C:\Users\Admin\AppData\Local\Temp\78044e38f1aa6a5a7362ac521b38b85ec5bc18225cbb8758f8ff3f0059b0f73c.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:3164

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\loggsd\logs.dat

    Filesize

    184B

    MD5

    12cb2b9000ef0b697046a0b7228b65f4

    SHA1

    93b922925200168f39e15fe12c554d3f7ddd52b7

    SHA256

    87aa79c7377682e5a3148b56f0f43d30a13ee54b027744c8a59d5dda43be254f

    SHA512

    59f18147fa355048a396d257b3e7d2c0182d23f65c2f0dc6a3bb19888464db44bb95bfb04981c79624bec61b387da32c5c78b3c5a08000f0ef6109a960e7d6f4

  • memory/1700-50-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-18-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-3-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-14-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-12-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-10-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-8-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-6-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-4-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-22-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-30-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-52-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-60-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-48-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-66-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-62-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-58-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-56-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-4891-0x0000000000E20000-0x0000000000E74000-memory.dmp

    Filesize

    336KB

  • memory/1700-2-0x0000000005F50000-0x00000000061AE000-memory.dmp

    Filesize

    2.4MB

  • memory/1700-64-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-46-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-44-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-42-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-40-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-38-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-36-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-34-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-32-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-28-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-26-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-24-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-20-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-0-0x00000000747AE000-0x00000000747AF000-memory.dmp

    Filesize

    4KB

  • memory/1700-16-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-4890-0x0000000000610000-0x000000000065C000-memory.dmp

    Filesize

    304KB

  • memory/1700-4889-0x0000000004C60000-0x0000000004CFA000-memory.dmp

    Filesize

    616KB

  • memory/1700-54-0x0000000005F50000-0x00000000061A8000-memory.dmp

    Filesize

    2.3MB

  • memory/1700-1-0x0000000001080000-0x0000000001590000-memory.dmp

    Filesize

    5.1MB