Analysis

  • max time kernel
    141s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 03:38

General

  • Target
    38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe
  • Size
    3.7MB
  • MD5
    6425c5ca7352f1559d09cfde2ee95669
  • SHA1
    1dcf10d3e0465ac3b94732f68067769ace961a36
  • SHA256
    38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272
  • SHA512
    78ffa3228d3a79c74fb2d6ab5f5f313450870bf53f565709b5c9bbb8c5490d638ccbc9bbd7befe77557721efb088b89352ddb0fdd093288ab66160aa6767f4a9
  • SSDEEP
    49152:rqtcd9PJG293W1iu+3pgEkH5iEGhXVQvu4VkvpdNQUP7tP57NrCVbL8NJ5VpJ:I69Po24cXVQvu4VkvLTTP7NrCVbMV

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 11 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe
    "C:\Users\Admin\AppData\Local\Temp\38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1600
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5012 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:660

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\BCMakeCert.dll
    Filesize
    474KB
    MD5
    5d895d1c6cee56d206b6cd973479638d
    SHA1
    08fa15d13454b1113d3818133f7a10f3cb3dd451
    SHA256
    bcfc362b42422cede445c8a119d454484b3842eb808b7ddf1b5aeb7242e06abb
    SHA512
    8f2b3b76b84fc62b4f8660e4b6e32510c70db5b00ddccfcf4a41a1c5416b974b282cb375b60222884f3c04e9e97cf6f86223f93cadf3d45ebc641c6d703f077c
  • C:\Users\Admin\AppData\Local\Temp\CertMaker.dll
    Filesize
    44KB
    MD5
    eccc93a46c56da30635aab9946d3773a
    SHA1
    ebd3dc61655b938fbfc9371f8e3ba87e5c718caf
    SHA256
    476a9a6ccf39353ca004118829dda91ff771906ea18f5db7db9a73044dda3bd8
    SHA512
    4ad695ebeaa66cc19066431e86cd1064d0ac359733452effac36dcb98aafd4a5c7ce31925baaf33964520daf4e78718bf6a2294fd323ee33f1e8eddd311cca5c
  • C:\Users\Admin\AppData\Local\Temp\FiddlerCore4.dll
    Filesize
    505KB
    MD5
    79fe5228b7ccdc88cf7ddba2893ea71f
    SHA1
    4313028e5354d66be81fd2103a16b16e1ad1a6f3
    SHA256
    5850d403352d76e7f7ebda93a7bff5ab1ea57c91a54a2f6c2cfaf1c9d356d55f
    SHA512
    f46380ccd2fcb8246206f176f17c1931d57c3bc1312c95e059cf9feab4bc392ad31fa6ffc6a1dac3b0bd70c5393ab1c2cf21729e357cb7c523d487dd92aacac3
  • C:\Users\Admin\AppData\Local\Temp\efd.dll
    Filesize
    37KB
    MD5
    5df37d5f681e6510d70a7980ec1bd1ed
    SHA1
    4a6832c6ee35d6b834847a9c648edc028ea0d30f
    SHA256
    932cb9dd22637532df47ed17f529649d959a7115077820d7e856299321d53a4b
    SHA512
    2d13020417f9069a060561fefc2c3ee4519548b12ce0db4ece4447f6ad89e18c8677d8e89bc63cfe88a0145ed194c08dced82c5736e0b85d804dd7a0cb708d5c
  • memory/1600-72-0x0000000003BA0000-0x0000000003BAD000-memory.dmp
    Filesize
    52KB
  • memory/1600-73-0x0000000075440000-0x000000007544D000-memory.dmp
    Filesize
    52KB
  • memory/1600-77-0x0000000005EA0000-0x0000000005F22000-memory.dmp
    Filesize
    520KB
  • memory/1600-78-0x0000000005F40000-0x00000000064E4000-memory.dmp
    Filesize
    5.6MB
  • memory/1600-68-0x000000007369E000-0x000000007369F000-memory.dmp
    Filesize
    4KB
  • memory/1600-67-0x0000000002BA0000-0x0000000002BB0000-memory.dmp
    Filesize
    64KB
  • memory/1600-82-0x0000000005F30000-0x0000000005F3E000-memory.dmp
    Filesize
    56KB
  • memory/1600-90-0x0000000006860000-0x00000000068DA000-memory.dmp
    Filesize
    488KB
  • memory/1600-98-0x0000000002BA0000-0x0000000002BB0000-memory.dmp
    Filesize
    64KB
  • memory/1600-99-0x000000007369E000-0x000000007369F000-memory.dmp
    Filesize
    4KB