52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960

Analysis

max time kernel
41s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
Size

6.3MB
MD5

7b9956e820cfd64a02a13af88b5237af
SHA1

ccb27bc5570fd160601d8009727296a12c579f66
SHA256

52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960
SHA512

51e91c696d9cd25a1cf99cec15b412dffc1dc70046431a1254dc42d623a557a6438e42588debab3332c4afcfc57485d01b1beb740fcb24fbd9b78dc53e4a0bdc
SSDEEP

24576:sjLAQlWpXO17Q2G4rWgnfeZ79HK+6aAsYsxY90n+Y+2JnsWW3Ff/F5VWdXHb1h6P:MAQlWpXk02Ygp9E+2JnsWWZ

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hyfot = "C:\\Users\\Admin\\AppData\\Roaming\\Hyfot.exe"	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2684 set thread context of 3132	2684	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	81

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2684	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
Token: SeDebugPrivilege	2684	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 3132	2684	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	81
PID 2684 wrote to memory of 3132	2684	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	81
PID 2684 wrote to memory of 3132	2684	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	81
PID 2684 wrote to memory of 3132	2684	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	81
PID 2684 wrote to memory of 3132	2684	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	81
PID 2684 wrote to memory of 3132	2684	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	81
PID 2684 wrote to memory of 3132	2684	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	81

C:\Users\Admin\AppData\Local\Temp\52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
"C:\Users\Admin\AppData\Local\Temp\52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Users\Admin\AppData\Local\Temp\52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
  "C:\Users\Admin\AppData\Local\Temp\52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe"
  2⤵
  PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2684-0-0x0000000074A9E000-0x0000000074A9F000-memory.dmp

Filesize
4KB

Download
memory/2684-1-0x0000000000340000-0x0000000000994000-memory.dmp

Filesize
6.3MB

Download
memory/2684-2-0x00000000065A0000-0x00000000067F2000-memory.dmp

Filesize
2.3MB

Download
memory/2684-3-0x0000000006DA0000-0x0000000007344000-memory.dmp

Filesize
5.6MB

Download
memory/2684-4-0x0000000006890000-0x0000000006922000-memory.dmp

Filesize
584KB

Download
memory/2684-12-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-5-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-16-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-50-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-64-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-68-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-66-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-62-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-60-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-58-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-56-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-54-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-52-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-48-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-46-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-44-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-42-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-40-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-38-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-36-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-34-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-32-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-30-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-28-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-26-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-24-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-23-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-20-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-14-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-10-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-8-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-6-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-18-0x00000000065A0000-0x00000000067EC000-memory.dmp

Filesize
2.3MB

Download
memory/2684-4891-0x0000000074A90000-0x0000000075240000-memory.dmp

Filesize
7.7MB

Download
memory/2684-4892-0x0000000074A90000-0x0000000075240000-memory.dmp

Filesize
7.7MB

Download
memory/2684-4893-0x0000000005380000-0x000000000540E000-memory.dmp

Filesize
568KB

Download
memory/2684-4894-0x0000000005410000-0x000000000545C000-memory.dmp

Filesize
304KB

Download
memory/2684-4895-0x0000000006B00000-0x0000000006B54000-memory.dmp

Filesize
336KB

Download
memory/2684-4898-0x0000000074A90000-0x0000000075240000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads