Analysis
max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted
26-06-2024 07:45
Behavioral task
behavioral1
Sample
82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
Resource
win10v2004-20240611-en
General
Target
82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
Size
10.0MB
MD5
5d1f2553a05ae47cb7de9fd2814af473
SHA1
df32fbf6aaf753721628dc09150b3a5398a14312
SHA256
82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05
SHA512
2a170c4227f6456ad4855bd63d7b37ba5d59bf0b35e87c027c1a068fba5936b40ae6eac6cb212e3ca8f387e6c7b6c76ad6e4f31ba1d0d1768195215920e0712a
SSDEEP
196608:K7zFRdZtLdJXK1bIfPpd/1trVa41mS+cxorcZdqxIiijQQC6MYAuvNuFI:K7xjLvXKBWPD11uQfZ8I2QCvBc
Malware Config
Signatures
VMProtect (yara_rule: vmprotect) 3 IoCs
resource  yara_rule
behavioral2/memory/1160-3-0x0000000000F70000-0x000000000197C000-memory.dmp  vmprotect
behavioral2/memory/1160-4-0x0000000000F70000-0x000000000197C000-memory.dmp  vmprotect
behavioral2/memory/1160-136-0x0000000000F70000-0x000000000197C000-memory.dmp  vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid  Process
1160  82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs
pid  Process
1160  82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
1160  82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs
description  pid  Process
Token: SeDebugPrivilege  1160  82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
Token: 33  1160  82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
Token: SeIncBasePriorityPrivilege  1160  82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
Token: 33  1160  82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
Token: SeIncBasePriorityPrivilege  1160  82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe

Suspicious use of FindShellTrayWindow 2 IoCs
pid  Process
1160  82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
1160  82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe

Suspicious use of SendNotifyMessage 2 IoCs
pid  Process
1160  82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
1160  82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe

Suspicious use of SetWindowsHookEx 27 IoCs
pid  Process
1160  82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe (27 identical entries, all from pid 1160)
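The IoC rows in the Signatures section are emitted flattened, one signature per very long line, and the sandbox leaves one privilege undecoded ("Token: 33"). The Python helper below is an added example, not code from the sandbox or from this report; it parses rows in the shape shown above (constructed here from the report's own AdjustPrivilegeToken and vmprotect rows for pid 1160), resolves bare numeric tokens on the assumption that they are the raw privilege LUID (33 is SE_INC_WORKING_SET_PRIVILEGE in winnt.h, alongside SE_DEBUG_PRIVILEGE 20 and SE_INC_BASE_PRIORITY_PRIVILEGE 14), and sizes the region the vmprotect rule matched. All three dumps cover the same 0xF70000-0x197C000 range, 0xA0C000 bytes or about 10.05 MiB, which lines up with the 10.0MB sample rather than pointing at a separately unpacked payload. The function names, the `LUID:` fallback prefix and the dump-name pattern `<pid>-<index>-<start>-<end>-memory.dmp` are this example's own assumptions.

```python
"""Decode flattened sandbox IoC rows like those in the Signatures section.

Added example; not code from the sandbox or the report. Assumptions:
  * "Token: <n>" with a bare number is the raw privilege LUID the sandbox
    could not name; the table below is taken from winnt.h SE_*_PRIVILEGE values.
  * Memory-dump names follow "<pid>-<index>-<start>-<end>-memory.dmp".
"""
import re
from collections import Counter

SAMPLE = "82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe"

# winnt.h: SE_INC_BASE_PRIORITY_PRIVILEGE 14, SE_DEBUG_PRIVILEGE 20,
# SE_INC_WORKING_SET_PRIVILEGE 33, SE_TIME_ZONE_PRIVILEGE 34,
# SE_CREATE_SYMBOLIC_LINK_PRIVILEGE 35. Only the LUIDs this example needs.
PRIVILEGE_LUIDS = {
    14: "SeIncBasePriorityPrivilege",
    20: "SeDebugPrivilege",
    33: "SeIncWorkingSetPrivilege",
    34: "SeTimeZonePrivilege",
    35: "SeCreateSymbolicLinkPrivilege",
}

# Constructed from the report's five AdjustPrivilegeToken rows (pid 1160).
TOKEN_ROWS = " ".join([
    f"Token: SeDebugPrivilege 1160 {SAMPLE}",
    f"Token: 33 1160 {SAMPLE}",
    f"Token: SeIncBasePriorityPrivilege 1160 {SAMPLE}",
    f"Token: 33 1160 {SAMPLE}",
    f"Token: SeIncBasePriorityPrivilege 1160 {SAMPLE}",
])

# Constructed from the report's three vmprotect YARA rows.
YARA_ROWS = " ".join([
    "behavioral2/memory/1160-3-0x0000000000F70000-0x000000000197C000-memory.dmp vmprotect",
    "behavioral2/memory/1160-4-0x0000000000F70000-0x000000000197C000-memory.dmp vmprotect",
    "behavioral2/memory/1160-136-0x0000000000F70000-0x000000000197C000-memory.dmp vmprotect",
])

TOKEN_RE = re.compile(r"Token:\s+(\S+)\s+(\d+)\s+(\S+)")
DUMP_RE = re.compile(
    r"memory/(\d+)-(\d+)-(0x[0-9A-Fa-f]+)-(0x[0-9A-Fa-f]+)-memory\.dmp\s+(\S+)"
)


def parse_token_rows(text):
    """Return (privilege, pid, process) tuples, naming numeric LUIDs where known."""
    out = []
    for priv, pid, proc in TOKEN_RE.findall(text):
        if priv.isdigit():
            priv = PRIVILEGE_LUIDS.get(int(priv), f"LUID:{priv}")
        out.append((priv, int(pid), proc))
    return out


def privilege_counts(text):
    """How many times each privilege appears in the report's token rows."""
    return Counter(priv for priv, _, _ in parse_token_rows(text))


def parse_yara_rows(text):
    """Return one dict per dump: pid, index, start, end, size in bytes, rule."""
    hits = []
    for pid, idx, start, end, rule in DUMP_RE.findall(text):
        s, e = int(start, 16), int(end, 16)
        hits.append({"pid": int(pid), "index": int(idx), "start": s,
                     "end": e, "size": e - s, "rule": rule})
    return hits


def distinct_regions(hits):
    """Collapse repeated dumps of one region into a set of (start, end, rule)."""
    return {(h["start"], h["end"], h["rule"]) for h in hits}


if __name__ == "__main__":
    for priv, n in privilege_counts(TOKEN_ROWS).items():
        print(f"{priv}: {n}x")
    for start, end, rule in sorted(distinct_regions(parse_yara_rows(YARA_ROWS))):
        print(f"{rule}: {start:#x}-{end:#x}, {end - start:#x} bytes "
              f"({(end - start) / 2**20:.2f} MiB)")
```

Run as a script it prints the per-privilege counts (SeDebugPrivilege once, SeIncWorkingSetPrivilege and SeIncBasePriorityPrivilege twice each) and a single vmprotect region. Treat the LUID mapping as a triage aid, not proof: a sandbox that prints a bare number has already lost the privilege name, and the mapping assumes the standard winnt.h values.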
Processes
C:\Users\Admin\AppData\Local\Temp\82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\82dd41aabdd618e71c3220b4973e652f164f51f2ac59e575d8112e699b08cc05.exe"
PID: 1160
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize
24B
MD5
502640b26b032cb3dfc9c3d27947280c
SHA1
2f6b99cb033a68411a04c2a6959a7907438a4d46
SHA256
549b8c298bac30fed200a6e36a9499744d6231782481718fe28ba4e980c635f4
SHA512
21c60a181566fb64306dfbec67d7e00e08d7747e0a5e059cd98966a5053f74a3293cdb7fcb4ad6297f138d6c06a0b4522edf7e038136f0520f8bcb4bf47d7f8d

Filesize
16B
MD5
94a515b306e6228e8ce1d1795b5faf02
SHA1
5f6d4e1f6e98c0608805a6ead5c0a5d37205da86
SHA256
65ba2da2aa325358c44b42b1b002ae6717507eefcb42f1fcca4f3c480a9cf182
SHA512
8c84db3b0962af7af3a6a6ec842ec02cdaa9345749bfc1d839b6612dcd4b96e4a9ebbeab8afa7f7c24b242e9bfc1eae18b6689afb7ef071a89a22c3690099188

Filesize
23B
MD5
6cc12c0eaf0e01c8352781ca199448fa
SHA1
d56f42a464a51d7b70380d84b78282f71088327d
SHA256
49114f6420a69ae35f6ad026d37482e4548ba7d0b4e38e54316196cf9e4466f4
SHA512
f893de3cd2f29d622d8a899fe4485d9ee6160cb09e18e9a61bb6c757640b9d6958ff73f43f85574211050b8a32fa49b58dd9fe7844ef5acb93eded31842d8f6c