Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/06/2024, 03:38

General

  • Target

    38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe

  • Size

    3.7MB

  • MD5

    6425c5ca7352f1559d09cfde2ee95669

  • SHA1

    1dcf10d3e0465ac3b94732f68067769ace961a36

  • SHA256

    38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272

  • SHA512

    78ffa3228d3a79c74fb2d6ab5f5f313450870bf53f565709b5c9bbb8c5490d638ccbc9bbd7befe77557721efb088b89352ddb0fdd093288ab66160aa6767f4a9

  • SSDEEP

    49152:rqtcd9PJG293W1iu+3pgEkH5iEGhXVQvu4VkvpdNQUP7tP57NrCVbL8NJ5VpJ:I69Po24cXVQvu4VkvLTTP7NrCVbMV

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 11 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe
    "C:\Users\Admin\AppData\Local\Temp\38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2184

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\BCMakeCert.dll

    Filesize

    474KB

    MD5

    5d895d1c6cee56d206b6cd973479638d

    SHA1

    08fa15d13454b1113d3818133f7a10f3cb3dd451

    SHA256

    bcfc362b42422cede445c8a119d454484b3842eb808b7ddf1b5aeb7242e06abb

    SHA512

    8f2b3b76b84fc62b4f8660e4b6e32510c70db5b00ddccfcf4a41a1c5416b974b282cb375b60222884f3c04e9e97cf6f86223f93cadf3d45ebc641c6d703f077c

  • \Users\Admin\AppData\Local\Temp\CertMaker.dll

    Filesize

    44KB

    MD5

    eccc93a46c56da30635aab9946d3773a

    SHA1

    ebd3dc61655b938fbfc9371f8e3ba87e5c718caf

    SHA256

    476a9a6ccf39353ca004118829dda91ff771906ea18f5db7db9a73044dda3bd8

    SHA512

    4ad695ebeaa66cc19066431e86cd1064d0ac359733452effac36dcb98aafd4a5c7ce31925baaf33964520daf4e78718bf6a2294fd323ee33f1e8eddd311cca5c

  • \Users\Admin\AppData\Local\Temp\FiddlerCore4.dll

    Filesize

    505KB

    MD5

    79fe5228b7ccdc88cf7ddba2893ea71f

    SHA1

    4313028e5354d66be81fd2103a16b16e1ad1a6f3

    SHA256

    5850d403352d76e7f7ebda93a7bff5ab1ea57c91a54a2f6c2cfaf1c9d356d55f

    SHA512

    f46380ccd2fcb8246206f176f17c1931d57c3bc1312c95e059cf9feab4bc392ad31fa6ffc6a1dac3b0bd70c5393ab1c2cf21729e357cb7c523d487dd92aacac3

  • \Users\Admin\AppData\Local\Temp\efd.dll

    Filesize

    37KB

    MD5

    5df37d5f681e6510d70a7980ec1bd1ed

    SHA1

    4a6832c6ee35d6b834847a9c648edc028ea0d30f

    SHA256

    932cb9dd22637532df47ed17f529649d959a7115077820d7e856299321d53a4b

    SHA512

    2d13020417f9069a060561fefc2c3ee4519548b12ce0db4ece4447f6ad89e18c8677d8e89bc63cfe88a0145ed194c08dced82c5736e0b85d804dd7a0cb708d5c

  • memory/2184-82-0x0000000002900000-0x0000000002940000-memory.dmp

    Filesize

    256KB

  • memory/2184-86-0x0000000003E50000-0x0000000003E5D000-memory.dmp

    Filesize

    52KB

  • memory/2184-87-0x0000000074DD0000-0x0000000074DDD000-memory.dmp

    Filesize

    52KB

  • memory/2184-91-0x0000000006E50000-0x0000000006ED2000-memory.dmp

    Filesize

    520KB

  • memory/2184-95-0x0000000004530000-0x000000000453E000-memory.dmp

    Filesize

    56KB

  • memory/2184-100-0x0000000004530000-0x000000000453E000-memory.dmp

    Filesize

    56KB

  • memory/2184-104-0x0000000006EE0000-0x0000000006F5A000-memory.dmp

    Filesize

    488KB

  • memory/2184-110-0x0000000002900000-0x0000000002940000-memory.dmp

    Filesize

    256KB
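The Downloads section above is the hunting material a responder takes from this report: file names dropped into the user's %TEMP% and their digests. The names CertMaker.dll, BCMakeCert.dll and FiddlerCore4.dll are those of FiddlerCore's certificate-generation components, which fits the "Modifies system certificate store" signature, but that is an inference from the names and not something the report states. The script below is an added example for this page, not tooling from the sandbox or from the sample's authors. It parses the flattened report text into a path-to-digest map and compares a file recovered from a host against it, so the comparison is all-or-nothing across every algorithm the report lists. The report excerpt is copied from the page (two of the four DLLs); the `probe.dll` entry is a constructed self-check whose digests are those of the bytes `b"abc"`, and the temporary files written in `demo()` are stand-ins, not the real DLLs.

```python
"""Extract dropped-file IoCs from a text-rendered sandbox report and verify
local files against them (added example; not the sandbox's own code)."""
import hashlib
import os
import re
import tempfile

# Excerpt of this page's Downloads section (two of the four dropped DLLs plus
# one memory-dump entry, which carries no digests and must be skipped).
REPORT_EXCERPT = r"""
Downloads

  • \Users\Admin\AppData\Local\Temp\CertMaker.dll

    Filesize

    44KB

    MD5

    eccc93a46c56da30635aab9946d3773a

    SHA1

    ebd3dc61655b938fbfc9371f8e3ba87e5c718caf

    SHA256

    476a9a6ccf39353ca004118829dda91ff771906ea18f5db7db9a73044dda3bd8

  • \Users\Admin\AppData\Local\Temp\efd.dll

    Filesize

    37KB

    MD5

    5df37d5f681e6510d70a7980ec1bd1ed

    SHA1

    4a6832c6ee35d6b834847a9c648edc028ea0d30f

    SHA256

    932cb9dd22637532df47ed17f529649d959a7115077820d7e856299321d53a4b

  • memory/2184-82-0x0000000002900000-0x0000000002940000-memory.dmp

    Filesize

    256KB
"""

# Constructed self-check entry (not from the page): digests of the bytes b"abc".
SELF_CHECK = r"""
  • \tmp\probe.dll

    MD5

    900150983cd24fb0d6963f7d28e17f72

    SHA1

    a9993e364706816aba3e25717850c26c9cd0d89d

    SHA256

    ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
"""

ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_downloads(text):
    """Return {report_path: {"Filesize": str, "MD5": hex, ...}} for file entries.
    The report puts each label and its value on separate lines, so a label is
    remembered until the next non-blank line supplies its value."""
    entries, current, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            name = line.lstrip("• ").strip()
            current = None if name.startswith("memory/") else entries.setdefault(name, {})
            pending = None
        elif current is None:
            continue                      # inside a memory-dump entry or the header
        elif line in ALGOS or line == "Filesize":
            pending = line
        elif pending:
            if pending in ALGOS and not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[pending], line):
                raise ValueError(f"malformed {pending} for {name}: {line}")
            current[pending] = line
            pending = None
    return entries


def digests(path):
    """Compute every digest the report can list, in one pass over the file."""
    hs = {a: hashlib.new(a.lower()) for a in ALGOS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hs.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hs.items()}


def match_dropped_file(path, iocs):
    """Compare a recovered file with the report entry of the same basename.
    Returns (matching report path or None, per-algorithm comparison); any single
    differing digest means it is not the same file."""
    got = digests(path)
    base = os.path.basename(path).lower()
    for report_path, expected in iocs.items():
        if report_path.replace("\\", "/").rsplit("/", 1)[-1].lower() != base:
            continue
        compared = {a: got[a] == expected[a] for a in ALGOS if a in expected}
        return (report_path if compared and all(compared.values()) else None), compared
    return None, {}


def demo():
    """Write b"abc" as a stand-in file and check it against both excerpts."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "CertMaker.dll")
        with open(p, "wb") as f:
            f.write(b"abc")               # constructed stand-in, not the real DLL
        real = match_dropped_file(p, parse_downloads(REPORT_EXCERPT))
        probe = os.path.join(d, "probe.dll")
        os.rename(p, probe)
        self_check = match_dropped_file(probe, parse_downloads(SELF_CHECK))
    return real, self_check


if __name__ == "__main__":
    print(demo())
```

On a host the same comparison is run against anything found under `%LOCALAPPDATA%\Temp` with these names; a partial digest match is treated as a mismatch because an attacker controlling the file controls all of its digests at once. Since the report also flags a certificate-store modification, pair the file check with a comparison of the current-user and local-machine Root stores against a known-good baseline; the report does not identify the certificate, so the baseline has to come from a clean image of the same build.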