f6c5b83436c9ee7edd43498a2f6312ecae8288a4dc68c416ceb499921441be28

Analysis

max time kernel
300s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 01:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

t7patch_2.02.exe
Size

9.4MB
MD5

c0e73938d06f07c02c997064977d7e26
SHA1

c40fff5bc497a78de832dd1fc2cd20d0b74b19c2
SHA256

f6c5b83436c9ee7edd43498a2f6312ecae8288a4dc68c416ceb499921441be28
SHA512

77f9587ba1ae4641f4633de261235b446c3bfcb2722474cbb379759a00e150309ace04a45ee5d25b6298fc5ca1792abc73027cb1678d0a50149e0c273f71b88e
SSDEEP

196608:7Ozs1cP9Z+M4Va77HYDyI+CKMYUrrqsrhx/A/0Lfcf9PGCV1NJjfzq:54P18k2VtKMh1/B83V5+

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe
2344	t7patch_2.02.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2344	t7patch_2.02.exe

C:\Users\Admin\AppData\Local\Temp\t7patch_2.02.exe
"C:\Users\Admin\AppData\Local\Temp\t7patch_2.02.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2344-0-0x000007FEF5F83000-0x000007FEF5F84000-memory.dmp

Filesize
4KB

Download
memory/2344-1-0x0000000001040000-0x00000000019AE000-memory.dmp

Filesize
9.4MB

Download
memory/2344-2-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/2344-3-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/2344-4-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/2344-5-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/2344-6-0x00000000201C0000-0x0000000021434000-memory.dmp

Filesize
18.5MB

Download
memory/2344-8-0x00000000007B0000-0x00000000007D6000-memory.dmp

Filesize
152KB

Download
memory/2344-7-0x0000000000DD0000-0x0000000000E2A000-memory.dmp

Filesize
360KB

Download
memory/2344-12-0x0000000001020000-0x0000000001028000-memory.dmp

Filesize
32KB

Download
memory/2344-11-0x0000000001000000-0x0000000001014000-memory.dmp

Filesize
80KB

Download
memory/2344-10-0x00000000007F0000-0x00000000007FA000-memory.dmp

Filesize
40KB

Download
memory/2344-9-0x00000000007E0000-0x00000000007EA000-memory.dmp

Filesize
40KB

Download
memory/2344-14-0x0000000000810000-0x000000000081A000-memory.dmp

Filesize
40KB

Download
memory/2344-13-0x0000000001030000-0x0000000001038000-memory.dmp

Filesize
32KB

Download
memory/2344-17-0x0000000002EB0000-0x0000000002ECE000-memory.dmp

Filesize
120KB

Download
memory/2344-18-0x0000000022D10000-0x0000000023364000-memory.dmp

Filesize
6.3MB

Download
memory/2344-40-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-50-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-48-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-46-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-44-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-42-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-38-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-36-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-34-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-32-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-30-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-28-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-26-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-24-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-22-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-20-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-19-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-52-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-62-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-64-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-66-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-70-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-72-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-68-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-82-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-80-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-28783-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/2344-78-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-76-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-75-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-60-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-58-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-56-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-54-0x0000000022D10000-0x0000000023360000-memory.dmp

Filesize
6.3MB

Download
memory/2344-28784-0x000007FEF5F83000-0x000007FEF5F84000-memory.dmp

Filesize
4KB

Download
memory/2344-28785-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/2344-28786-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/2344-28787-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/2344-28788-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download