Analysis
- max time kernel: 134s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/05/2024, 07:22
Behavioral task behavioral1
- Sample: windisc.exe
- Resource: win7-20240508-en
Behavioral task behavioral2
- Sample: windisc.exe
- Resource: win10v2004-20240508-en
General
- Target: windisc.exe
- Size: 68.0MB
- MD5: 44908b7413d3682e3770566a637e8a27
- SHA1: 7c0a1a2e6f988bd82606e63b3f4d32c7ba7d456f
- SHA256: 661c2d39349b70f904ffdb96f96d6e46c0f9824bc2432aa4d2f05d3e4ed94069
- SHA512: 5599e8d2751c3087a3e0086024b7af388b2d310f8afb763f83ba298ffefad03864441d9171fc93274dc4d046021eba23ed2c49c300e4cb067e91e46ae3226d6f
- SSDEEP: 1572864:ox+NAF3rJpiDO24teFzFEdcRodZOE9uMtA+rgoOwG4/61+wzjmk38KQUO37:mag3Gx4tyKdcqdN9u1sgoBGYwzR8KQU
Malware Config
Signatures
- Loads dropped DLL (64 IoCs)
  pid 2100, Process windisc.exe (64 occurrences)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 2100, Process windisc.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description Token: SeDebugPrivilege; pid 2100; Process windisc.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description PID 3920 wrote to memory of 2100; pid 3920; Process windisc.exe; procid_target 88 (3 occurrences)
Processes
- C:\Users\Admin\AppData\Local\Temp\windisc.exe (PID 3920)
  "C:\Users\Admin\AppData\Local\Temp\windisc.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\windisc.exe (PID 2100)
    "C:\Users\Admin\AppData\Local\Temp\windisc.exe"
    - Loads dropped DLL
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\AUDIODG.EXE (PID 2676)
  C:\Windows\system32\AUDIODG.EXE 0x4c0 0x4f4
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\_MEI39202\libopenblas.D6ALFJ4QQDWP6YNOQJNPYL27LRE6SILT.gfortran-win32.dll