782024873acccdceacf0b83fe535efbae1cf84a595c894c25ff014a52d567bfb

Analysis

max time kernel
91s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe
Size

4.2MB
MD5

df8bc20d6d4c7e66a8d0b2fb75e2cb99
SHA1

5b0a5995d233907e802ce289c5433e7b416969a7
SHA256

1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9
SHA512

7d6ac3b5afb3babc0ff8d807a0c4f6b2c314e841b30b1f8fb734b573f001c7c41a19fe69c8457ba9f35a5ead78de11e65d9a59d3142cc41d1c3ba91d7917b00a
SSDEEP

49152:RVfDv2Ukn4dghWFiOPGgHGZZSLO3THkCouaUq8c3Fn7t62TpBPuVlVYZwDqMLUs9:RVfDv1kn8gvid9t6O/4lW6XLUszv0AZ

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe

description	pid	process	target process
PID 3196 set thread context of 2004	3196	1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe	MSBuild.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

MSBuild.exe

pid process

2004 MSBuild.exe

pid	process
2004	MSBuild.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exeMSBuild.exe

description	pid	process
Token: SeDebugPrivilege	3196	1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe
Token: SeDebugPrivilege	2004	MSBuild.exe
Token: SeBackupPrivilege	2004	MSBuild.exe
Token: SeSecurityPrivilege	2004	MSBuild.exe
Token: SeSecurityPrivilege	2004	MSBuild.exe
Token: SeSecurityPrivilege	2004	MSBuild.exe
Token: SeSecurityPrivilege	2004	MSBuild.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe

description	pid	process	target process
PID 3196 wrote to memory of 2004	3196	1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe	MSBuild.exe
PID 3196 wrote to memory of 2004	3196	1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe	MSBuild.exe
PID 3196 wrote to memory of 2004	3196	1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe	MSBuild.exe
PID 3196 wrote to memory of 2004	3196	1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe	MSBuild.exe
PID 3196 wrote to memory of 2004	3196	1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe	MSBuild.exe
PID 3196 wrote to memory of 2004	3196	1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe	MSBuild.exe
PID 3196 wrote to memory of 2004	3196	1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe	MSBuild.exe
PID 3196 wrote to memory of 2004	3196	1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe	MSBuild.exe

C:\Users\Admin\AppData\Local\Temp\1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe
"C:\Users\Admin\AppData\Local\Temp\1dcf0f609f8e6867fe4a7b49c97d5674fefe7a64fdb82de1fd819a3b96a8d8f9.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3196

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-69-0x0000000005940000-0x0000000005EE4000-memory.dmp

Filesize
5.6MB

Download
memory/2004-88-0x00007FFAAE4D0000-0x00007FFAAE6C5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-86-0x00007FFAAE4D0000-0x00007FFAAE6C5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-85-0x00007FFAAE4D0000-0x00007FFAAE6C5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-84-0x000000000A4B0000-0x000000000A9DC000-memory.dmp

Filesize
5.2MB

Download
memory/2004-83-0x0000000009DB0000-0x0000000009F72000-memory.dmp

Filesize
1.8MB

Download
memory/2004-82-0x00000000092B0000-0x00000000092CE000-memory.dmp

Filesize
120KB

Download
memory/2004-81-0x00000000092E0000-0x0000000009356000-memory.dmp

Filesize
472KB

Download
memory/2004-80-0x0000000008FB0000-0x0000000009016000-memory.dmp

Filesize
408KB

Download
memory/2004-77-0x00000000083D0000-0x000000000841C000-memory.dmp

Filesize
304KB

Download
memory/2004-76-0x0000000008250000-0x000000000828C000-memory.dmp

Filesize
240KB

Download
memory/2004-66-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2004-68-0x00007FFAAE4D0000-0x00007FFAAE6C5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-75-0x00000000081F0000-0x0000000008202000-memory.dmp

Filesize
72KB

Download
memory/2004-74-0x00000000082C0000-0x00000000083CA000-memory.dmp

Filesize
1.0MB

Download
memory/2004-73-0x0000000008790000-0x0000000008DA8000-memory.dmp

Filesize
6.1MB

Download
memory/2004-72-0x0000000005400000-0x000000000540A000-memory.dmp

Filesize
40KB

Download
memory/2004-71-0x00007FFAAE4D0000-0x00007FFAAE6C5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-70-0x0000000005430000-0x00000000054C2000-memory.dmp

Filesize
584KB

Download
memory/3196-61-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-7-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-39-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-31-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-29-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-27-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-25-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-23-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-17-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-15-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-13-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-11-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-9-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-60-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-51-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-50-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-45-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-21-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-19-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-41-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-43-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-47-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-53-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-55-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-57-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-0-0x00007FFAAE4D0000-0x00007FFAAE6C5000-memory.dmp

Filesize
2.0MB

Download
memory/3196-63-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-6-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-33-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-35-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-37-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-65-0x00000000051F0000-0x0000000005205000-memory.dmp

Filesize
84KB

Download
memory/3196-5-0x00000000051F0000-0x000000000520C000-memory.dmp

Filesize
112KB

Download
memory/3196-4-0x00000000054E0000-0x0000000005660000-memory.dmp

Filesize
1.5MB

Download
memory/3196-3-0x00007FFAAE4D0000-0x00007FFAAE6C5000-memory.dmp

Filesize
2.0MB

Download
memory/3196-2-0x0000000005340000-0x00000000053DC000-memory.dmp

Filesize
624KB

Download
memory/3196-1-0x0000000000470000-0x00000000008A8000-memory.dmp

Filesize
4.2MB

Download