Analysis
max time kernel: 141s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 03:38
Static task: static1
Behavioral task: behavioral1
  Sample: 38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe
  Resource: win10v2004-20240226-en
General
Target: 38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe
Size: 3.7MB
MD5: 6425c5ca7352f1559d09cfde2ee95669
SHA1: 1dcf10d3e0465ac3b94732f68067769ace961a36
SHA256: 38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272
SHA512: 78ffa3228d3a79c74fb2d6ab5f5f313450870bf53f565709b5c9bbb8c5490d638ccbc9bbd7befe77557721efb088b89352ddb0fdd093288ab66160aa6767f4a9
SSDEEP: 49152:rqtcd9PJG293W1iu+3pgEkH5iEGhXVQvu4VkvpdNQUP7tP57NrCVbL8NJ5VpJ:I69Po24cXVQvu4VkvLTTP7NrCVbMV
Malware Config
Signatures
Loads dropped DLL (11 IoCs)
pid: 1600 | Process: 38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe (11 identical rows)

Modifies system certificate store
description: Key created | ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\32987D8F9D3AC640DDD79C53F1200353F2319D76 | Process: 38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe
description: Set value (data) | ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\32987D8F9D3AC640DDD79C53F1200353F2319D76\Blob = [blob value not present in the report] | Process: 38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe

Suspicious behavior: EnumeratesProcesses (11 IoCs)
pid: 1600 | Process: 38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe (11 identical rows)

Suspicious use of AdjustPrivilegeToken (1 IoC)
description: Token: SeDebugPrivilege | pid: 1600 | Process: 38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid: 1600 | Process: 38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe (2 identical rows)
Processes
1. C:\Users\Admin\AppData\Local\Temp\38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\38733650d0a929e36618e19035cdc1a57c00da44ba8f09eb2e03e1bb50bfc272.exe"
   PID: 1600
   - Loads dropped DLL
   - Modifies system certificate store
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of SetWindowsHookEx
1. C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
   Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5012 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
   PID: 660
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 474KB
MD5: 5d895d1c6cee56d206b6cd973479638d
SHA1: 08fa15d13454b1113d3818133f7a10f3cb3dd451
SHA256: bcfc362b42422cede445c8a119d454484b3842eb808b7ddf1b5aeb7242e06abb
SHA512: 8f2b3b76b84fc62b4f8660e4b6e32510c70db5b00ddccfcf4a41a1c5416b974b282cb375b60222884f3c04e9e97cf6f86223f93cadf3d45ebc641c6d703f077c

Filesize: 44KB
MD5: eccc93a46c56da30635aab9946d3773a
SHA1: ebd3dc61655b938fbfc9371f8e3ba87e5c718caf
SHA256: 476a9a6ccf39353ca004118829dda91ff771906ea18f5db7db9a73044dda3bd8
SHA512: 4ad695ebeaa66cc19066431e86cd1064d0ac359733452effac36dcb98aafd4a5c7ce31925baaf33964520daf4e78718bf6a2294fd323ee33f1e8eddd311cca5c

Filesize: 505KB
MD5: 79fe5228b7ccdc88cf7ddba2893ea71f
SHA1: 4313028e5354d66be81fd2103a16b16e1ad1a6f3
SHA256: 5850d403352d76e7f7ebda93a7bff5ab1ea57c91a54a2f6c2cfaf1c9d356d55f
SHA512: f46380ccd2fcb8246206f176f17c1931d57c3bc1312c95e059cf9feab4bc392ad31fa6ffc6a1dac3b0bd70c5393ab1c2cf21729e357cb7c523d487dd92aacac3

Filesize: 37KB
MD5: 5df37d5f681e6510d70a7980ec1bd1ed
SHA1: 4a6832c6ee35d6b834847a9c648edc028ea0d30f
SHA256: 932cb9dd22637532df47ed17f529649d959a7115077820d7e856299321d53a4b
SHA512: 2d13020417f9069a060561fefc2c3ee4519548b12ce0db4ece4447f6ad89e18c8677d8e89bc63cfe88a0145ed194c08dced82c5736e0b85d804dd7a0cb708d5c