Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
13-06-2024 23:05
General
-
Target
56f107a77c28967437c8362a451eaf74c5fcff0205fc694ccbfcad5afe54d534.exe
-
Size
60KB
-
MD5
1c20614e88d7f0d2e5812a65da23449d
-
SHA1
6e6cbb864a31eb66fcd07732b158436afe96baf7
-
SHA256
56f107a77c28967437c8362a451eaf74c5fcff0205fc694ccbfcad5afe54d534
-
SHA512
efd1fcb4867b45359a3d91b5fe74c572ea3ef671048917529ee24f43350b1bc56f2f954706cfad42067ade88f4235c74d3c00928c904c1076d1e84d1e1c01f8a
-
SSDEEP
384:vbLwOs8AHsc4sMfwhKQLroT4/CFsrdHWMZo:vvw9816vhKQLroT4/wQpWMZo
Malware Config
Signatures
-
Detects Windows executables referencing non-Windows User-Agents 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\56f107a77c28967437c8362a451eaf74c5fcff0205fc694ccbfcad5afe54d534.exe"C:\Users\Admin\AppData\Local\Temp\56f107a77c28967437c8362a451eaf74c5fcff0205fc694ccbfcad5afe54d534.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E628543D-44B0-4771-9316-05A34D0CC5F9}.exeC:\Windows\{E628543D-44B0-4771-9316-05A34D0CC5F9}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DEE4DFF0-9CD4-4893-A365-7379DA42EF84}.exeC:\Windows\{DEE4DFF0-9CD4-4893-A365-7379DA42EF84}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{935084C4-50AF-4bf2-A59D-087BA31B7BE0}.exeC:\Windows\{935084C4-50AF-4bf2-A59D-087BA31B7BE0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6E0DFF42-93CD-41b5-8870-CB989BA3FD69}.exeC:\Windows\{6E0DFF42-93CD-41b5-8870-CB989BA3FD69}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A58D2144-3892-44cd-8C2E-7D822D07676A}.exeC:\Windows\{A58D2144-3892-44cd-8C2E-7D822D07676A}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4BEAAE87-1313-4655-A2B9-80A417E34DF8}.exeC:\Windows\{4BEAAE87-1313-4655-A2B9-80A417E34DF8}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{934FFACD-2F62-4a46-AA17-4A1416265F3E}.exeC:\Windows\{934FFACD-2F62-4a46-AA17-4A1416265F3E}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{32297494-5451-4151-9DB8-72D94C48619C}.exeC:\Windows\{32297494-5451-4151-9DB8-72D94C48619C}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D3850B08-35AD-4272-96EA-9295A7816F38}.exeC:\Windows\{D3850B08-35AD-4272-96EA-9295A7816F38}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{999F9A80-5A22-4758-BFE7-30E55D2279B2}.exeC:\Windows\{999F9A80-5A22-4758-BFE7-30E55D2279B2}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C9019B7C-9BDD-4272-A80B-F17DF040A9EF}.exeC:\Windows\{C9019B7C-9BDD-4272-A80B-F17DF040A9EF}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D6B623E8-42C4-41ab-BE79-0D6106F828B4}.exeC:\Windows\{D6B623E8-42C4-41ab-BE79-0D6106F828B4}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C9019~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{999F9~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D3850~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{32297~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{934FF~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4BEAA~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A58D2~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6E0DF~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{93508~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DEE4D~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E6285~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\56F107~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60KB
MD5eb222abe7d6857a50d9c820323a863d8
SHA1bd73470a6dcb9bbf63f8ba1832d13ba3a7b4920c
SHA2563023ad6fc1efebe4efd514ec3012bc723e23e041c6031e2f63f1d55405f85f7d
SHA51238da97465d75605604754d6029640b5acd92dbe4f47a9e683d0a3fe52f184f21f7eb98933f7ebfaff4c30e2513c58cc9dc57d3c137ad61dcb5ce85660176dcb5
-
Filesize
60KB
MD5a75fdf6e99dbdc34d4b2c3c61552de0a
SHA1d763903985b102670cc16001982d9845132c0964
SHA2564910a81410c50c852521c998b2f0db51e500e0c6faf0718ac12339cb91cc4c95
SHA512dbdd1e76f77cb4a511283e70cf1207bd8f83063298beaf3905411234f3838c14489220a4e39379d30777cf5c66af9051a33e0ec3dfa8ee525269be8535050c4c
-
Filesize
60KB
MD53e9c4bb347100c0aec23ac83498ca190
SHA1ece5c47ac2cbcb979cdff53ee9764c1f93793894
SHA2568a4d776a66af1afc0afdb7cf0ffca7833253187de7b97d8ceb942c20677dac49
SHA512d7ece51bb9d65baff13a9fe2f6c54489375646291d44b47e5f32dd0e9bf3d1e2480dfc8d3549ca6f379990fd91384b4e0633d3c1c65ae2c3d35a7a4f577d987d
-
Filesize
60KB
MD5ff4a3e6cbfb3c1ff80561e681fdf1c5c
SHA1386c1dfd717dd691d6def4863eed7c9925cae742
SHA25628da2dfa4671589bc635afb21988ecb8f364b5b88d8dd2bca474d526dc32699c
SHA512606f49c0083bf26eafc8cf49e1471860363b76fd7e322ec02f370599b99b02399fd1d64a60134b28c5c69a85f3950a5ed16bd6638a5f3cd459461cd40e85e0ea
-
Filesize
60KB
MD5688f3d4f580ae374c68961ce3932ad9f
SHA14106ec8e34c951d8da2e106212cfa4bde4624cff
SHA2569352ce0327213ae31068ac64dc72262335b9b4f6baa713823eb2d1499eb4c146
SHA512ee616854d61b4fc9a3b42d95a603470261c097ee65890c9d5a4459336b0708f9b526cd7f2a8bc3ae3d0a7560ed0fa6db20a1f39dbbbabec91cba2ae10db3d925
-
Filesize
60KB
MD50ec85120b3428544c74b62ec3cdcf825
SHA1e6b6b1295ad60d346421d9233205ce8ac4bb8604
SHA256baf22c64e3034f36198be15393ef22d1d0432488dc64ad52d9a564928a12fd47
SHA51221a4ad17a4a816feed655a178cf660eab1fcd811ec32bbfe669cf48f3b692ed1d0781e6461b78a4da2f6ef10d9489f2a0236a7df897e8df6c902d7690d33186d
-
Filesize
60KB
MD5a4b9bc1224ee018eef0d9e92977344f5
SHA1be50b126ad61dae50f41f59102920687fcc4b997
SHA2560efa49cf63be9177fae14be4764fc8e7019490a17ec9e190eef824789418a886
SHA512f07c7f71d0509e71be9b180c4e08e189ea64dcba19ce44df74045fa48e287b5925913dcf77dbec681371dc9294a090ff359425736385c2cb48edfbda05a12dc3
-
Filesize
60KB
MD561119e030fe69262d2d56030aa46f764
SHA19551eda227b527f3beaa361201563a9a48df34de
SHA256bdc5902de77ffc8041414e56ba401dd7174251074262001f6e7df160e6c33c11
SHA512500b76efa6be9ed048e5d87f6586af033efc969c85be851c1d0a311a48b05cbf9f1d181414446000b653ccacfd4795dca38383ca05f93fc156a48021e47cc4ea
-
Filesize
60KB
MD502dd21372253cccb049e100dc248c465
SHA1a73ac64eaa3e470f1a7d70ab92aeec70b6d717bc
SHA25684818bd1e51e1e30cd4c4ba9f71d739a371098d39ba15cce826e29d4e1c74817
SHA51247db81232dc09c606c17835c1636a01e0571e581ae4f59dbea28114f1d113f38e9e5dda793a32e04aa64568ed29e1c05bbf8952b86e9bbacea948f9b1fb1c668
-
Filesize
60KB
MD5aa977cc1f92440912a260ad3ad495011
SHA1c4b339ad3aaa595caa51281932032903a19d9c35
SHA256e5448d4f35acfaab765ffd1e51498093c9dc72e0382d4eeb6233c78edd4190b1
SHA51237d48c21a76c33bb06fa520abe8448c445bef266666242a50794a75b89426db91182b45b8e4026b5dbf398719ce67d96855d4c4a973d3f53cf7ce4dedc00a639
-
Filesize
60KB
MD58e73f9d915d78b2d8d9a3fe4cfe1f71b
SHA1923d0692460598f1c5c0a55e28418706604c95b2
SHA256a32714d3857548b1ddaac079b9e2dba6ca8285e2281eaf64b5eeecadfa1a3bbd
SHA512a86c1dda54a818833731b447ff5a574017fdbb43747bc1ee2c6c1776f7112b6ef9d20fbca82e836fefb66fc459c9655534fa99ccb354a5f68820f2319f739d60
-
Filesize
60KB
MD58dd4c652b579c6d366be2fdb15dfef35
SHA1d9d04d933cab9cf4bad13d89f0f60a3b20c3ae17
SHA256a80e2e6c1e5676afe49ec13715f90707e5d921971904671ff166dbdbd1efc4ed
SHA512cbe0b23eb543d3f3bdce8ccd53aedb73fcf678a0ae6606ec8fac060c0341950e0c70ef88f998d2454ce3c4a93dbaa018ffe8b46b06e10cc017fb9d4129f962f3