a97e528437a83823008d910a54f55ae0a7f67beb5d930066dc3dca304b67509b

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a26acc40985dd32b0e1652d3255dadb.exe
Size

7.6MB
MD5

0a26acc40985dd32b0e1652d3255dadb
SHA1

8231a83da2c207b3820950d677e4604a5415d6a0
SHA256

a97e528437a83823008d910a54f55ae0a7f67beb5d930066dc3dca304b67509b
SHA512

6f0cd31c982c791cb02355eed6c2b5c64e6fa82f9d9db4196c24668eb308f1e4403ba6f213471f4f9fc5d7168c10f3f1cd61a866570bed4bad09b8515a6fbf5d
SSDEEP

12288:mmhMlnZU+IM6XQZ2X5jastLefuZS4g7ti3tIyX4IdMwHMQpsuH+nButLdTO+Qwtc:FhM5UzBifKS4PA

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1804	0a26acc40985dd32b0e1652d3255dadb.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1804 set thread context of 4480	1804	0a26acc40985dd32b0e1652d3255dadb.exe	86

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeDebugPrivilege	4480	MSBuild.exe
Token: SeBackupPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeBackupPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeBackupPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeBackupPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeBackupPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeBackupPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeBackupPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe
Token: SeSecurityPrivilege	4480	MSBuild.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 4480	1804	0a26acc40985dd32b0e1652d3255dadb.exe	86
PID 1804 wrote to memory of 4480	1804	0a26acc40985dd32b0e1652d3255dadb.exe	86
PID 1804 wrote to memory of 4480	1804	0a26acc40985dd32b0e1652d3255dadb.exe	86
PID 1804 wrote to memory of 4480	1804	0a26acc40985dd32b0e1652d3255dadb.exe	86
PID 1804 wrote to memory of 4480	1804	0a26acc40985dd32b0e1652d3255dadb.exe	86
PID 1804 wrote to memory of 4480	1804	0a26acc40985dd32b0e1652d3255dadb.exe	86
PID 1804 wrote to memory of 4480	1804	0a26acc40985dd32b0e1652d3255dadb.exe	86
PID 1804 wrote to memory of 4480	1804	0a26acc40985dd32b0e1652d3255dadb.exe	86

C:\Users\Admin\AppData\Local\Temp\0a26acc40985dd32b0e1652d3255dadb.exe
"C:\Users\Admin\AppData\Local\Temp\0a26acc40985dd32b0e1652d3255dadb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
616KB

MD5
0281e5891499f79b8041974b0ffba11d

SHA1
11651caeae5df4e45bceb99998956a82baaeea8e

SHA256
fe128a0b2dc636ff00cd2fa031442cd1a1e10d0e7da7f74e8e35f17187f2ecef

SHA512
0d97639ae8dd4694daa10cc7bc0eb6c778d1ea7bd9a09688f3ebc275c0c719729a55249e224d4f0be62cce86fd2eac9da4e6790f8bd628e3c28964d72599c270

Download Submit
memory/1804-0-0x00000000746DE000-0x00000000746DF000-memory.dmp

Filesize
4KB

Download
memory/1804-1-0x0000000000E50000-0x0000000000EF0000-memory.dmp

Filesize
640KB

Download
memory/1804-2-0x00000000031F0000-0x00000000031F6000-memory.dmp

Filesize
24KB

Download
memory/1804-23-0x00000000746D0000-0x0000000074E80000-memory.dmp

Filesize
7.7MB

Download
memory/1804-12-0x00000000746D0000-0x0000000074E80000-memory.dmp

Filesize
7.7MB

Download
memory/1804-11-0x0000000077171000-0x0000000077291000-memory.dmp

Filesize
1.1MB

Download
memory/4480-14-0x0000000004E70000-0x0000000005414000-memory.dmp

Filesize
5.6MB

Download
memory/4480-13-0x00000000746A0000-0x000000007474B000-memory.dmp

Filesize
684KB

Download
memory/4480-15-0x00000000049B0000-0x0000000004A42000-memory.dmp

Filesize
584KB

Download
memory/4480-16-0x00000000746A0000-0x000000007474B000-memory.dmp

Filesize
684KB

Download
memory/4480-17-0x0000000004B90000-0x0000000004B9A000-memory.dmp

Filesize
40KB

Download
memory/4480-18-0x0000000007D80000-0x0000000008398000-memory.dmp

Filesize
6.1MB

Download
memory/4480-19-0x00000000078B0000-0x00000000079BA000-memory.dmp

Filesize
1.0MB

Download
memory/4480-20-0x00000000077F0000-0x0000000007802000-memory.dmp

Filesize
72KB

Download
memory/4480-21-0x0000000007850000-0x000000000788C000-memory.dmp

Filesize
240KB

Download
memory/4480-22-0x00000000079C0000-0x0000000007A0C000-memory.dmp

Filesize
304KB

Download
memory/4480-9-0x0000000000140000-0x00000000001C0000-memory.dmp

Filesize
512KB

Download
memory/4480-24-0x00000000746A0000-0x000000007474B000-memory.dmp

Filesize
684KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads