b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48

Analysis

max time kernel
147s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe
Size

1.5MB
MD5

66182c4ab79efec0bcf35957a221a61b
SHA1

9d3947f51bee2d0b6912094f12d23cdc6c7d12a3
SHA256

b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48
SHA512

2daee478020c300a54ff01783e24a8ea2b0c34351467e4465208aef2daea2608f99cafe5b138219e04fbd3b91019bdd0b80d2aeef7f9aa476d7d8783aff3ece5
SSDEEP

24576:VwnU4TDLD7/gtTO56vfluFO7Mom5bKf2Yo7mEDIzhbQ2MOfOxKNL3RtQzOIIws:+ntTX/4q6v8OQon4BkztECmi3Rjv

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly\Desktop.ini	b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe
File created	C:\Windows\assembly\Desktop.ini	b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe
File created	C:\Windows\assembly\Desktop.ini	b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	232	b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
232	b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe
232	b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 2936	232	b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe	86
PID 232 wrote to memory of 2936	232	b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe	86
PID 232 wrote to memory of 2936	232	b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe	86
PID 2936 wrote to memory of 1644	2936	csc.exe	88
PID 2936 wrote to memory of 1644	2936	csc.exe	88
PID 2936 wrote to memory of 1644	2936	csc.exe	88

C:\Users\Admin\AppData\Local\Temp\b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe
"C:\Users\Admin\AppData\Local\Temp\b11d099cf6053ab4ba6d05bef4a7fad52196f610a95341dfea6d1c9759ccdf48.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:232
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hqhjb9ws.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7D20.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7D0F.tmp"
    3⤵
    PID:1644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES7D20.tmp

Filesize
1KB

MD5
e3092ebf5041d31b90074c5cd3f595b2

SHA1
e42341a830f5677570942a971b25cbef6475ffdf

SHA256
0211cfa7633528ea0a92f388173d0adc197d26d36abd3c251c4dacf379d65b9a

SHA512
731b06f8142a8a20b50b48114b4b5e5c14e900ebebc99ba5e7d8fed07d288c1dcc97225840c2e24d72dc9b0583efe091010f4b873d8d44a9bf30210d913d04c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\hqhjb9ws.dll

Filesize
128KB

MD5
527bec9911fab5ef51dc5202e3f21b80

SHA1
099d5a7becd001a3607548bb089e078362f518c3

SHA256
6b3a1d477b4d824226fcdfab301d438b2872a0017c4705db42a6b04b1c542b56

SHA512
88626b782800262c609072e7279941963f96a8efcfa3566dc003fc84452e9c4d3efb743af8036df3084742c9ac1be9ce242d03ba13fcc3d737ddfdfd17ef68ee

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC7D0F.tmp

Filesize
652B

MD5
46a9caa7feb1e6c985a95d8d5e521ee6

SHA1
f4d98f4ded71878366984666361ca84c1f29f2f7

SHA256
7c2fdc6253d2bc667138111efb7ce41f8212a50dafba348d0b0d669ee91548b5

SHA512
3ef1c429be3780ed58bb898271a72d4a402337cc8a31ee150b6f0d2cdb043260ccccdd0b88ebd5d1db28e483b76e9ac23fae64ba7d6f1ee91629dec1fabb35bd

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\hqhjb9ws.0.cs

Filesize
288KB

MD5
e801a0b75198a360937b6424255ed9d4

SHA1
7f3eabf0293e72b1241a449561f961966d801d61

SHA256
63a1d96e27e98348f4f96b598a57304f3e903b57c45d8247927aa29daa53a34a

SHA512
25cd5ce8a6033069b7bdc759b8b750ffde883d43f1d345fd564b86fe82a3ce3b243632ab400b3d95cc88c697ec9415894e33d9910874411fb77e6e763aca6934

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\hqhjb9ws.cmdline

Filesize
615B

MD5
3028486ed005493f75262b7bd76300fd

SHA1
8ebbb3a1ccbcaee9177733e2b4859b769a15ca6c

SHA256
cbdf1479cd78dc42a1d2772c5f70b0f8e8dd3fee19f69359d04a959a0d2e1327

SHA512
da3a9c9a86f3f298ec21f61dd2c83e23902f782035e287bad23244246e133322197ca4564e5a818eb2aad2dc57119d9e329c2222eeae57556ce80402c9ce68a7

Download Submit
memory/232-13-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-35-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-50-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-56-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-54-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-52-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-48-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-46-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-44-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-42-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-40-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-38-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-6-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-34-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-31-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-29-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-27-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-25-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-21-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-19-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-36-0x0000000074CB0000-0x0000000075261000-memory.dmp

Filesize
5.7MB

Download
memory/232-0-0x0000000074CB2000-0x0000000074CB3000-memory.dmp

Filesize
4KB

Download
memory/232-23-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-7-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-11-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-70-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-68-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-64-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-62-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-66-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-58-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-60-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-9-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-2563-0x0000000074CB0000-0x0000000075261000-memory.dmp

Filesize
5.7MB

Download
memory/232-2564-0x0000000074CB0000-0x0000000075261000-memory.dmp

Filesize
5.7MB

Download
memory/232-17-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-15-0x00000000052A0000-0x0000000005435000-memory.dmp

Filesize
1.6MB

Download
memory/232-2585-0x0000000074CB0000-0x0000000075261000-memory.dmp

Filesize
5.7MB

Download
memory/232-5-0x0000000074CB0000-0x0000000075261000-memory.dmp

Filesize
5.7MB

Download
memory/232-4-0x0000000074CB0000-0x0000000075261000-memory.dmp

Filesize
5.7MB

Download
memory/232-2583-0x0000000074CB0000-0x0000000075261000-memory.dmp

Filesize
5.7MB

Download
memory/232-1-0x0000000074CB0000-0x0000000075261000-memory.dmp

Filesize
5.7MB

Download
memory/232-2580-0x0000000074CB0000-0x0000000075261000-memory.dmp

Filesize
5.7MB

Download
memory/232-2581-0x0000000074CB0000-0x0000000075261000-memory.dmp

Filesize
5.7MB

Download
memory/232-2582-0x0000000074CB0000-0x0000000075261000-memory.dmp

Filesize
5.7MB

Download
memory/2936-2577-0x0000000074CB0000-0x0000000075261000-memory.dmp

Filesize
5.7MB

Download
memory/2936-2570-0x0000000074CB0000-0x0000000075261000-memory.dmp

Filesize
5.7MB

Download