e4edb4a6d5718591e0fa02d78f3af9fe5cea87ed7f0e792fddc7022c6b5460c6

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 05:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3681321143840CM.exe
Size

667KB
MD5

0f10988a5146ac132e1bbc875b3cd3dd
SHA1

a89fe9be43139dd986305da3876229ba2cbfb7bd
SHA256

e4edb4a6d5718591e0fa02d78f3af9fe5cea87ed7f0e792fddc7022c6b5460c6
SHA512

4282ff8b128270e68785514c5211bdf1aa8c7727c55d1aa5197e0635edbabf6c58fab6379f60d372bfef8f580de043b9e00803070d8dc48f0f9669479a697535
SSDEEP

12288:BaIzwcGHWnqefhLXgeNyzd5PaAd6pk2nSLTTEj/2r6890DAkv2du:HzLxfhrgeNyZo3pLS34j06890DFOdu

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

3681321143840CM.exe

pid	process
2192	3681321143840CM.exe
2192	3681321143840CM.exe
2192	3681321143840CM.exe
2192	3681321143840CM.exe
2192	3681321143840CM.exe
2192	3681321143840CM.exe
2192	3681321143840CM.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

3681321143840CM.exe

description pid process

Token: SeDebugPrivilege 2192 3681321143840CM.exe

description	pid	process
Token: SeDebugPrivilege	2192	3681321143840CM.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

3681321143840CM.exe

description	pid	process	target process
PID 2192 wrote to memory of 2552	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2552	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2552	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2552	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2540	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2540	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2540	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2540	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2592	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2592	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2592	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2592	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2608	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2608	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2608	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2608	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2612	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2612	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2612	2192	3681321143840CM.exe	3681321143840CM.exe
PID 2192 wrote to memory of 2612	2192	3681321143840CM.exe	3681321143840CM.exe

C:\Users\Admin\AppData\Local\Temp\3681321143840CM.exe
"C:\Users\Admin\AppData\Local\Temp\3681321143840CM.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\3681321143840CM.exe
  "C:\Users\Admin\AppData\Local\Temp\3681321143840CM.exe"
  2⤵
  PID:2552
- C:\Users\Admin\AppData\Local\Temp\3681321143840CM.exe
  "C:\Users\Admin\AppData\Local\Temp\3681321143840CM.exe"
  2⤵
  PID:2540
- C:\Users\Admin\AppData\Local\Temp\3681321143840CM.exe
  "C:\Users\Admin\AppData\Local\Temp\3681321143840CM.exe"
  2⤵
  PID:2592
- C:\Users\Admin\AppData\Local\Temp\3681321143840CM.exe
  "C:\Users\Admin\AppData\Local\Temp\3681321143840CM.exe"
  2⤵
  PID:2608
- C:\Users\Admin\AppData\Local\Temp\3681321143840CM.exe
  "C:\Users\Admin\AppData\Local\Temp\3681321143840CM.exe"
  2⤵
  PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2192-0-0x0000000074ADE000-0x0000000074ADF000-memory.dmp

Filesize
4KB

Download
memory/2192-1-0x00000000003B0000-0x000000000045C000-memory.dmp

Filesize
688KB

Download
memory/2192-2-0x0000000074AD0000-0x00000000751BE000-memory.dmp

Filesize
6.9MB

Download
memory/2192-3-0x0000000000300000-0x000000000031E000-memory.dmp

Filesize
120KB

Download
memory/2192-4-0x0000000000380000-0x0000000000390000-memory.dmp

Filesize
64KB

Download
memory/2192-5-0x0000000000390000-0x00000000003A6000-memory.dmp

Filesize
88KB

Download
memory/2192-6-0x0000000005F40000-0x0000000005FC2000-memory.dmp

Filesize
520KB

Download
memory/2192-7-0x0000000074AD0000-0x00000000751BE000-memory.dmp

Filesize
6.9MB

Download