e5c0fabb1a7d5afb129ad1aa7adc60d7e9a0482f8d2b32a3f533d8d019a1e840

General

Target

e5c0fabb1a7d5afb129ad1aa7adc60d7e9a0482f8d2b32a3f533d8d019a1e840.exe
Size

8.4MB
MD5

8a030c29b369baff7b3cdf5154af65d9
SHA1

9fecd83d56a1f219305a5b0a5339704175fc1193
SHA256

e5c0fabb1a7d5afb129ad1aa7adc60d7e9a0482f8d2b32a3f533d8d019a1e840
SHA512

afeaba25415cf9cf9e02fe1f8694959649142c9da3e04fd44978ed74288ca7044eebd901c74530291012ceb0146f360085393a4ac73bc9e70385a2aa566b28c4
SSDEEP

196608:+cBzO2ZgZUH+h299C1WDE0sZhd+7Y0sZhd+7Wwaujo8Sl3Gjdd6Xr7avfw1bS:+u3ZKUH+IDC1WDqZhcyZhcjo8gSd6b7H

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4728	e5c0fabb1a7d5afb129ad1aa7adc60d7e9a0482f8d2b32a3f533d8d019a1e840.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
3592	timeout.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3768	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4728	e5c0fabb1a7d5afb129ad1aa7adc60d7e9a0482f8d2b32a3f533d8d019a1e840.exe
4728	e5c0fabb1a7d5afb129ad1aa7adc60d7e9a0482f8d2b32a3f533d8d019a1e840.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4728	e5c0fabb1a7d5afb129ad1aa7adc60d7e9a0482f8d2b32a3f533d8d019a1e840.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4728	e5c0fabb1a7d5afb129ad1aa7adc60d7e9a0482f8d2b32a3f533d8d019a1e840.exe

C:\Users\Admin\AppData\Local\Temp\e5c0fabb1a7d5afb129ad1aa7adc60d7e9a0482f8d2b32a3f533d8d019a1e840.exe
"C:\Users\Admin\AppData\Local\Temp\e5c0fabb1a7d5afb129ad1aa7adc60d7e9a0482f8d2b32a3f533d8d019a1e840.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4728
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C update.bat
  2⤵
  PID:4032
- - C:\Windows\SysWOW64\timeout.exe
    TIMEOUT /T 2
    3⤵
    - Delays execution with timeout.exe
    PID:3592
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1 -n 2
    3⤵
    - Runs ping.exe
    PID:3768
- - C:\Users\Admin\AppData\Local\Temp\launcher.exe
    launcher.exe
    3⤵
    PID:1248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:3280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Launcher_Updated.exe

Filesize
411KB

MD5
736ce9a2f3d24d4d6b1dbf7bec1bff7f

SHA1
157412c3e263bb1f721f02304878c658d2fea80b

SHA256
3788e5d58ff33acad2b9f7d801b04865b4cbb274bc16d0a33a709e6744d67e9a

SHA512
167497898b5e6ade2018671b8e7de52d949900d487ca6208b55de9e62cec6e02079f77cb3ff787df7f3e7adbffb1e798a8f23c2514a65e5d8e997f8e76d215f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\launcher.exe

Filesize
534KB

MD5
faf79c89fd07aaad1489a173e24ec9bd

SHA1
bb3a1345cfc32351d3f260e631d0fab55686e499

SHA256
2f52484f97a2e41d809393378e5f8f75724facf55e03e2c1e34f0d3a11abe38e

SHA512
e1912116c07ce0b9520cb1833092399ddab30424ef9337cbde28c4efbebd35ee2857f5e0eb6825fcd0fc5db4ad8c59820d1cf625aa1b77729d42a17550abee0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\update.bat

Filesize
170B

MD5
68626b4f1127170847ed7dea4af34b3d

SHA1
a58efd288d70cd6b280cdca8bf620d31825d229d

SHA256
20413fa08cadda0b8586e4e47a185372f7347088beda0e9424f1118ac36917d1

SHA512
d2055b54928a1579e793578e217bf137a811b21c1fb1c22857ccf753615effadd9c3c6a0d411cbbca6400340a136809cd671bbdcbedbcd7218aa1da51dfe9989

Download Submit
memory/1248-42-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/1248-43-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/1248-49-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/1248-48-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/1248-47-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/1248-46-0x0000000001160000-0x0000000001168000-memory.dmp

Filesize
32KB

Download
memory/1248-45-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/1248-44-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/1248-32-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/1248-41-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/1248-31-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/1248-39-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/1248-38-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/1248-30-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/1248-40-0x0000000000570000-0x0000000000B5A000-memory.dmp

Filesize
5.9MB

Download
memory/4728-9-0x0000000008340000-0x000000000835E000-memory.dmp

Filesize
120KB

Download
memory/4728-6-0x0000000074300000-0x0000000074AB0000-memory.dmp

Filesize
7.7MB

Download
memory/4728-1-0x00000000775C2000-0x00000000775C3000-memory.dmp

Filesize
4KB

Download
memory/4728-27-0x0000000074300000-0x0000000074AB0000-memory.dmp

Filesize
7.7MB

Download
memory/4728-26-0x00000000006B0000-0x0000000000CA8000-memory.dmp

Filesize
6.0MB

Download
memory/4728-4-0x00000000006B0000-0x0000000000CA8000-memory.dmp

Filesize
6.0MB

Download
memory/4728-21-0x000000000C140000-0x000000000C14E000-memory.dmp

Filesize
56KB

Download
memory/4728-20-0x000000000C180000-0x000000000C1B8000-memory.dmp

Filesize
224KB

Download
memory/4728-2-0x00000000775C3000-0x00000000775C4000-memory.dmp

Filesize
4KB

Download
memory/4728-0-0x00000000006B0000-0x0000000000CA8000-memory.dmp

Filesize
6.0MB

Download
memory/4728-8-0x0000000074300000-0x0000000074AB0000-memory.dmp

Filesize
7.7MB

Download
memory/4728-7-0x00000000006B0000-0x0000000000CA8000-memory.dmp

Filesize
6.0MB

Download
memory/4728-3-0x000000007430E000-0x000000007430F000-memory.dmp

Filesize
4KB

Download
memory/4728-5-0x00000000006B0000-0x0000000000CA8000-memory.dmp

Filesize
6.0MB

Download

Analysis

Sharing