3e36732ff2a298a34acd083639cf0f8b1aef0e099965e6ff30706489bf1297d4

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SCADA.exe
Size

3KB
MD5

c2ed3e16499987aa8a7caf7c0351d334
SHA1

0803cb9297f8eaf33c00539ae1a7e63bb4a245ae
SHA256

e6acd5b36125333065fbdb9e139941b315a04146c647ec45cf23a10925c8a41e
SHA512

f48212f74703390b38886f932a9ebd1426bdd0c37fbc5751dded2becce5f01a1b961f0fe5cdb5cfcbd79489b2fc224e71f5a82688c41ef52ae7a744162bafa1b

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3616	SCADA.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4992	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4992	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3616	SCADA.exe

C:\Users\Admin\AppData\Local\Temp\SCADA.exe
"C:\Users\Admin\AppData\Local\Temp\SCADA.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3616

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x468 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Flexitek\python\Lib\test\test_importlib\extension\__main__.py

Filesize
62B

MD5
47878c074f37661118db4f3525b2b6cb

SHA1
9671e2ef6e3d9fa96e7450bcee03300f8d395533

SHA256
b4dc0b48d375647bcfab52d235abf7968daf57b6bbdf325766f31ce7752d7216

SHA512
13c626ada191848c31321c74eb7f0f1fde5445a82d34282d69e2b086ba6b539d8632c82bba61ff52185f75fec2514dad66139309835e53f5b09a3c5a2ebecff5

Download Submit
C:\Users\Admin\Flexitek\python\Lib\test\test_importlib\import_\__init__.py

Filesize
147B

MD5
c3239b95575b0ad63408b8e633f9334d

SHA1
7dbb42dfa3ca934fb86b8e0e2268b6b793cbccdc

SHA256
6546a8ef1019da695edeca7c68103a1a8e746d88b89faf7d5297a60753fd1225

SHA512
5685131ad55f43ab73afccbef69652d03bb64e6135beb476bc987f316afe0198157507203b9846728bc7ea25bc88f040e7d2cb557c9480bac72f519d6ba90b25

Download Submit
C:\Users\Admin\Flexitek\python\Scripts\pip3.7.exe

Filesize
100KB

MD5
8e43dfb32d86f55faec72a2ca55e4ac0

SHA1
d91bdbbf83ea9912c197570ffd4db7aa5411c4ac

SHA256
98ecc2326a54ec023461add3884d11c7682e7cba926e9454bfad31db25c8a237

SHA512
8ae950bf34787f27d49abb19e5dbcde09894676f384e76101697c3456031ff0abd8b3060b9b374c77c2a374894995cb0d6d9847e75770110925ac551ec27d08e

Download Submit
memory/3616-4561-0x000000006B480000-0x000000006B571000-memory.dmp

Filesize
964KB

Download
memory/3616-4558-0x0000000000E00000-0x0000000000F25000-memory.dmp

Filesize
1.1MB

Download
memory/3616-4543-0x0000000068640000-0x00000000687B7000-memory.dmp

Filesize
1.5MB

Download
memory/3616-4545-0x0000000061940000-0x0000000062014000-memory.dmp

Filesize
6.8MB

Download
memory/3616-4562-0x0000000065880000-0x000000006589C000-memory.dmp

Filesize
112KB

Download
memory/3616-4565-0x0000000002FC0000-0x0000000002FD2000-memory.dmp

Filesize
72KB

Download
memory/3616-4564-0x0000000002FA0000-0x0000000002FB4000-memory.dmp

Filesize
80KB

Download
memory/3616-4559-0x0000000000870000-0x0000000000DF4000-memory.dmp

Filesize
5.5MB

Download
memory/3616-4557-0x000000006D7C0000-0x000000006D80A000-memory.dmp

Filesize
296KB

Download
memory/3616-4556-0x000000006EF80000-0x000000006EFB4000-memory.dmp

Filesize
208KB

Download
memory/3616-4554-0x000000006FC40000-0x000000006FDA3000-memory.dmp

Filesize
1.4MB

Download
memory/3616-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3616-4560-0x0000000000F30000-0x0000000001023000-memory.dmp

Filesize
972KB

Download
memory/3616-0-0x0000000061940000-0x0000000062014000-memory.dmp

Filesize
6.8MB

Download
memory/3616-4555-0x0000000064940000-0x0000000064955000-memory.dmp

Filesize
84KB

Download
memory/3616-4544-0x0000000065940000-0x00000000663A1000-memory.dmp

Filesize
10.4MB

Download
memory/3616-4553-0x0000000066C00000-0x0000000066C40000-memory.dmp

Filesize
256KB

Download
memory/3616-4552-0x0000000067740000-0x0000000067794000-memory.dmp

Filesize
336KB

Download
memory/3616-4563-0x000000006A880000-0x000000006AA44000-memory.dmp

Filesize
1.8MB

Download
memory/3616-4551-0x000000006DA40000-0x000000006DB86000-memory.dmp

Filesize
1.3MB

Download
memory/3616-4550-0x000000006DE80000-0x000000006DF19000-memory.dmp

Filesize
612KB

Download
memory/3616-4549-0x0000000062B40000-0x0000000062B75000-memory.dmp

Filesize
212KB

Download
memory/3616-4548-0x0000000061440000-0x000000006145A000-memory.dmp

Filesize
104KB

Download
memory/3616-4547-0x0000000069700000-0x00000000698B1000-memory.dmp

Filesize
1.7MB

Download
memory/3616-4546-0x0000000068880000-0x0000000068EB6000-memory.dmp

Filesize
6.2MB

Download
memory/3616-4542-0x0000000065380000-0x0000000065454000-memory.dmp

Filesize
848KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads