Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
24/06/2024, 00:05
General
-
Target
8c7560f39a16ef0b13199ffaaaf781c5fbe47d2738a42d88360252d748e64279.exe
-
Size
89KB
-
MD5
f170b5191fe2546e50d4467d6d1cab8d
-
SHA1
2f847cf224cee61f3f914bb4252295fa55179863
-
SHA256
8c7560f39a16ef0b13199ffaaaf781c5fbe47d2738a42d88360252d748e64279
-
SHA512
862b95d28a3f96ebb4db6f0fdefe0e8311443789f650f4b6d676382baabb63057e375996ad2477191c2d943fa4e011ea25d3f422541cab2a8232e12675a7b3d5
-
SSDEEP
768:Qvw9816vhKQLroH4/wQRNrfrunMxVFA3b7gl5:YEGh0oHl2unMxVS3HgX
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 22 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8c7560f39a16ef0b13199ffaaaf781c5fbe47d2738a42d88360252d748e64279.exe"C:\Users\Admin\AppData\Local\Temp\8c7560f39a16ef0b13199ffaaaf781c5fbe47d2738a42d88360252d748e64279.exe"1⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{01351A7A-47AE-400d-8F03-9B94565525C7}.exeC:\Windows\{01351A7A-47AE-400d-8F03-9B94565525C7}.exe2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D05D5E65-7AB8-4131-857D-1903BFF0CD96}.exeC:\Windows\{D05D5E65-7AB8-4131-857D-1903BFF0CD96}.exe3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B675AFA0-6D2B-41d7-A006-053518885CD5}.exeC:\Windows\{B675AFA0-6D2B-41d7-A006-053518885CD5}.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5AF4F585-A18A-475a-B1B0-DCD46BF0B25C}.exeC:\Windows\{5AF4F585-A18A-475a-B1B0-DCD46BF0B25C}.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FB7D10D2-43EA-4e99-BAA4-297F6B4B5843}.exeC:\Windows\{FB7D10D2-43EA-4e99-BAA4-297F6B4B5843}.exe6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C10B5A5F-6C33-4016-97F5-287B1C2C6FB9}.exeC:\Windows\{C10B5A5F-6C33-4016-97F5-287B1C2C6FB9}.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A5465B85-3030-458d-AC02-4975FC9A33AE}.exeC:\Windows\{A5465B85-3030-458d-AC02-4975FC9A33AE}.exe8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D4678B92-B8BF-42fc-90FC-F129B8DF62C4}.exeC:\Windows\{D4678B92-B8BF-42fc-90FC-F129B8DF62C4}.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{91DE92E2-71EE-421c-828D-BBD274054F48}.exeC:\Windows\{91DE92E2-71EE-421c-828D-BBD274054F48}.exe10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{607D90CA-401C-47a4-80D4-F17C838DBE2D}.exeC:\Windows\{607D90CA-401C-47a4-80D4-F17C838DBE2D}.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{61919B0C-E98D-4dfc-87ED-59075BFEE555}.exeC:\Windows\{61919B0C-E98D-4dfc-87ED-59075BFEE555}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{607D9~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{91DE9~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D4678~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A5465~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C10B5~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FB7D1~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5AF4F~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B675A~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D05D5~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{01351~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\8C7560~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3680 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
89KB
MD59366a1d05caa6571d6715401f71966f8
SHA118a3612b67395c054a947b70e33231639caa8a62
SHA256fbc3ecbb83db111ff5004b85d9fee1884e9d33383550d2b81008e8f238392335
SHA5125008ffe8a98797a019ae238872bcb9f8d404c4dd8027e243ecd4c9e4b15751f1b1e05deebd2371dccdc138f6acb4a3bc9fd420a054571adaddfd8da149dc3d00
-
Filesize
89KB
MD5f8e0efc140731a199d5bdcd9436ffe34
SHA1efea0de3661eb7c6589ad49e9bdbf212bf4232b2
SHA25690293f162d95c89ac77c7c729eb2b298bc75b33500495a39421dcd045161196e
SHA512fbd05506761b30a060d436af6a89aca0c2c1fd09ababac80aa8545af7a50f12d6418caba0eaebd6b0aad680654db5f105a0fcf3637e9bf3534fb5175fa116fb5
-
Filesize
89KB
MD57ae70e0664812c973737041fcc81e823
SHA1a51ad949928632739773dd3812d374605b05194a
SHA2568b778f839a8cbd481ff2c811d7c4966a6ecf326c9c20acba7add1820e8dfe4e5
SHA5120bf4108896e623e63a1ab9a4aa2db6b842cf12128089e89f7546a4b962952415d7d5061e7786a6306ba4232e18d639eba6d7c78ce49f47928f120b60e186ace6
-
Filesize
89KB
MD57b3c8a4880d45ba36f7002566d6fa44e
SHA1b57e720d153fa7c7d897d534535ba7b995b41f76
SHA256a436e0e008b03c32e192caaa55219d66a0e776834599f98ec4def21d71a1726e
SHA5122884792bceefe9191b02caf48666ddde40a9cc6520a78d554cc8c077bc85b536bf019a3a44b71fa23da4328160b9e5ac838ef64bc69e16d1ed6656b8a696ac08
-
Filesize
89KB
MD517d58c688453fa0012911a76c4e9e05c
SHA11503b17355be16c8b8b973bed424206257fa208f
SHA256afe6ead588ecdf51db9915224e1a3f60a5f60188f78fe50adda867df21534031
SHA5126589decdce57ba0f9fe487e1adf2ddc02e9c3fe89d32b8f5935eb9cf6e0c32c01e273e4b4b9cde34a4bf1410da7997f18b676ce780fc650c3213c63fe472ce1c
-
Filesize
89KB
MD53f82b74c4eb28509ea955c94041a63bc
SHA140027335db5398ecfab8722fe63538f67b5f4b79
SHA256e875a4994abdee186bc9da4685691064ae1b9ea17886430117d892ae2fb4aaa4
SHA5128d1b399b5d6b796f31d7f4098deb01082344c9753ada819d40519cf449bf84be8e34ca5e29f79f5581f00032bf6811d356662570399fadb5f6a4c93178df10a7
-
Filesize
89KB
MD5765c69064f124936e67dfe3bd4a1dba4
SHA12a00143ffa3a25d9df147bc72b90d22d2fc99ea9
SHA25691bfa90e95412f625b9d29cf0c25ac2ae5c1769b10efea62bd6c256eb954fb65
SHA5122d00345b29b9dc48e1804a55c387b132d869dbc23a6bdeee3ad81972d61e0e6e5ad42ba92110ac00178592f3a68f62c850ca18f7f9a16fde8a1757df8f1e54fd
-
Filesize
89KB
MD594de4f9a042fe690c54c655f29b05f94
SHA1b5756d432f4b4e77649baaa09a668dd24ac3c067
SHA25688440ca04c2bc054f0247d37dd3ca2957f53130345a31bb86a704b45c8effe5d
SHA512935e1c67e86d5bec43819f52016148a66790b7e7be3e64afff8e9f3c5ffea4183e30e7992fefde6217d51f319f7eda13e1431c326fbb88e2ad10f76a5de9370b
-
Filesize
89KB
MD50c818bba710650818d599c105d1fca9a
SHA18708e1719abf618e06c07a10f2f1399e4258d097
SHA2563e886ed9f6bb7995ca25580e919f79d57c8dbb75043e1cc222e6db5ade75c488
SHA512764607e15c2c4d3d066cad3242aa163f5a9c29f956280b31bdc6079c7ace501e993b46a4975fafd7b9a32e036efeaefa483262562c79c7c4b400fd2874e84b54
-
Filesize
89KB
MD55abe20e92c3a275709fe112e997ee7ab
SHA1266058da7beea1e626a9bb73052b74dce563b95f
SHA2568011ddda6a715ef4ef12360bf971096ec273f173df27ccc97bc035db6cf70ede
SHA51203890a4c856be8e92ea906a542693d20f2e3a2f990d315a922df5a61801fbcf96032d1969fb5b12a59ec549e278ec0babf40ec5f2ca83cb65560c45ed38b6c25
-
Filesize
89KB
MD561d5c8ddd70b8c86e6b4f60c321cec05
SHA1287096b5deae2354d7a3bab94725ea6e9bf1abb8
SHA25616f5fe99c4890aa0f2bd68a6f9ab44497e1c8b4f60b7bb96abc07d6cbf931a5f
SHA5121b1dfbaca3a9df1579a4fc3c6b7e199477fbae52d9fc50dece84d9d6ffbb687af8b492294984f38496248845704cdb2aaaa8cc28311f136ddd91d6722fa19f51