b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641

Analysis

max time kernel
4s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 01:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641.exe
Size

4.3MB
MD5

b654250bca80b165af1416282dae2a17
SHA1

172e9e9b58eb9b063b0a961e6504331b1868088e
SHA256

b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641
SHA512

f5a8be43cf3112684d1e62c2825caeb5d7d027602258f768110222c9603ba5ede520c4de5b8e879553544da64b84ca15c51e78109c1706071ec9d3993a9adadb
SSDEEP

98304:/SjOFIfCxMrGtAnX1M3epf/29MzCRI3+Fk7qZg/mN3k14UDCxoP2dsbqJF0lCuNT:ajOFIfCxMrGtAnX1M3epf/29MzCRI3+P

Score

9^/10

Malware Config

Signatures

Detects executables packed with unregistered version of .NET Reactor 1 IoCs

resource	yara_rule
behavioral2/memory/4344-1-0x0000000000E10000-0x0000000001268000-memory.dmp	INDICATOR_EXE_Packed_DotNetReactor

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4344 set thread context of 4044	4344	b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641.exe	83

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4344	b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641.exe
Token: SeDebugPrivilege	4044	MSBuild.exe
Token: SeBackupPrivilege	4044	MSBuild.exe
Token: SeSecurityPrivilege	4044	MSBuild.exe
Token: SeSecurityPrivilege	4044	MSBuild.exe
Token: SeSecurityPrivilege	4044	MSBuild.exe
Token: SeSecurityPrivilege	4044	MSBuild.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 4044	4344	b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641.exe	83
PID 4344 wrote to memory of 4044	4344	b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641.exe	83
PID 4344 wrote to memory of 4044	4344	b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641.exe	83
PID 4344 wrote to memory of 4044	4344	b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641.exe	83
PID 4344 wrote to memory of 4044	4344	b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641.exe	83
PID 4344 wrote to memory of 4044	4344	b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641.exe	83
PID 4344 wrote to memory of 4044	4344	b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641.exe	83
PID 4344 wrote to memory of 4044	4344	b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641.exe	83

C:\Users\Admin\AppData\Local\Temp\b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641.exe
"C:\Users\Admin\AppData\Local\Temp\b8f56d3f8d37ea702b4ce3b8be7cbe92af2fc98e9ffd7449addb4f6285cd9641.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4044-74-0x0000000008970000-0x0000000008F88000-memory.dmp

Filesize
6.1MB

Download
memory/4044-85-0x00000000750E0000-0x0000000075890000-memory.dmp

Filesize
7.7MB

Download
memory/4044-83-0x000000000A2B0000-0x000000000A7DC000-memory.dmp

Filesize
5.2MB

Download
memory/4044-82-0x0000000009BB0000-0x0000000009D72000-memory.dmp

Filesize
1.8MB

Download
memory/4044-81-0x0000000008920000-0x000000000893E000-memory.dmp

Filesize
120KB

Download
memory/4044-80-0x0000000009090000-0x0000000009106000-memory.dmp

Filesize
472KB

Download
memory/4044-79-0x0000000008750000-0x00000000087B6000-memory.dmp

Filesize
408KB

Download
memory/4044-69-0x00000000750E0000-0x0000000075890000-memory.dmp

Filesize
7.7MB

Download
memory/4044-70-0x0000000005AB0000-0x0000000006054000-memory.dmp

Filesize
5.6MB

Download
memory/4044-71-0x00000000055E0000-0x0000000005672000-memory.dmp

Filesize
584KB

Download
memory/4044-72-0x00000000750E0000-0x0000000075890000-memory.dmp

Filesize
7.7MB

Download
memory/4044-66-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/4044-75-0x00000000084C0000-0x00000000085CA000-memory.dmp

Filesize
1.0MB

Download
memory/4044-73-0x00000000057A0000-0x00000000057AA000-memory.dmp

Filesize
40KB

Download
memory/4044-78-0x00000000085D0000-0x000000000861C000-memory.dmp

Filesize
304KB

Download
memory/4044-77-0x0000000008460000-0x000000000849C000-memory.dmp

Filesize
240KB

Download
memory/4044-76-0x0000000008400000-0x0000000008412000-memory.dmp

Filesize
72KB

Download
memory/4344-39-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-15-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-54-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-51-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-49-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-47-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-45-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-43-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-41-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-0-0x00000000750EE000-0x00000000750EF000-memory.dmp

Filesize
4KB

Download
memory/4344-37-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-35-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-34-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-31-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-29-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-27-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-25-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-23-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-21-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-55-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-13-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-11-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-19-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-17-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-9-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-7-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-6-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-57-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-59-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-61-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-63-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-65-0x0000000005A70000-0x0000000005A85000-memory.dmp

Filesize
84KB

Download
memory/4344-68-0x00000000750E0000-0x0000000075890000-memory.dmp

Filesize
7.7MB

Download
memory/4344-5-0x0000000005A70000-0x0000000005A8C000-memory.dmp

Filesize
112KB

Download
memory/4344-3-0x0000000005C80000-0x0000000005DCA000-memory.dmp

Filesize
1.3MB

Download
memory/4344-4-0x00000000750E0000-0x0000000075890000-memory.dmp

Filesize
7.7MB

Download
memory/4344-2-0x0000000005BE0000-0x0000000005C7C000-memory.dmp

Filesize
624KB

Download
memory/4344-1-0x0000000000E10000-0x0000000001268000-memory.dmp

Filesize
4.3MB

Download