Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    13-06-2024 06:18

General

  • Target

    KMSAuto Net.exe

  • Size

    7.9MB

  • MD5

    f1fe671bcefd4630e5ed8b87c9283534

  • SHA1

    9ff0546074213231e695e67324aba64e2e65d2c2

  • SHA256

    58d6fec4ba24c32d38c9a0c7c39df3cb0e91f500b323e841121d703c7b718681

  • SHA512

    aa2d1a01612aeaa71c19bdb852cdf24c290929ae68831035d9b0cbc1b548db87bf23aea521e19a0f51e369f463763178f2f6b094782fd5dfb00db961c705078b

  • SSDEEP

    196608:C38lywCAfywOweqyw3ywsywXywZywnywZywBywEyw4ywwywmIBywyywsyw/ywiys:EDwCAqwUnwiwxwCwUwywUw8wJwVwtwiB

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KMSAuto Net.exe
    "C:\Users\Admin\AppData\Local\Temp\KMSAuto Net.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c md "C:\Users\Admin\AppData\Local\MSfree Inc"
      2⤵
      PID:1908
    • C:\Windows\system32\cmd.exe
      C:\Windows\Sysnative\cmd.exe /c echo test>>"C:\Users\Admin\AppData\Local\Temp\test.test"
      2⤵
      PID:3192
    • C:\Windows\system32\cmd.exe
      C:\Windows\Sysnative\cmd.exe /D /c del /F /Q "test.test"
      2⤵
      PID:844
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x530 0x52c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1880
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1300,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=4460 /prefetch:8
    1⤵
    PID:4392

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\test.test
    Filesize: 6B
    MD5: 9f06243abcb89c70e0c331c61d871fa7
    SHA1: fde773a18bb29f5ed65e6f0a7aa717fd1fa485d4
    SHA256: 837ccb607e312b170fac7383d7ccfd61fa5072793f19a25e75fbacb56539b86b
    SHA512: b947b99d1baddd347550c9032e9ab60b6be56551cf92c076b38e4e11f436051a4af51c47e54f8641316a720b043641a3b3c1e1b01ba50445ea1ba60bfd1b7a86
  • memory/1724-0-0x0000000074A5E000-0x0000000074A5F000-memory.dmp
    Filesize: 4KB
  • memory/1724-1-0x0000000000AB0000-0x00000000012A2000-memory.dmp
    Filesize: 7.9MB
  • memory/1724-2-0x0000000005CB0000-0x0000000005D4C000-memory.dmp
    Filesize: 624KB
  • memory/1724-3-0x0000000006300000-0x00000000068A4000-memory.dmp
    Filesize: 5.6MB
  • memory/1724-4-0x0000000005D50000-0x0000000005DE2000-memory.dmp
    Filesize: 584KB
  • memory/1724-5-0x0000000005EE0000-0x0000000005EEA000-memory.dmp
    Filesize: 40KB
  • memory/1724-6-0x0000000005FB0000-0x0000000006006000-memory.dmp
    Filesize: 344KB
  • memory/1724-7-0x0000000074A50000-0x0000000075200000-memory.dmp
    Filesize: 7.7MB
  • memory/1724-8-0x0000000074A50000-0x0000000075200000-memory.dmp
    Filesize: 7.7MB
  • memory/1724-13-0x0000000074A5E000-0x0000000074A5F000-memory.dmp
    Filesize: 4KB
  • memory/1724-14-0x0000000074A50000-0x0000000075200000-memory.dmp
    Filesize: 7.7MB