a485bf8cf6ef1871b4752061e3176e89010680c0a448397f1fbafed841c66061

Analysis

max time kernel
133s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 02:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45.exe
Size

407KB
MD5

155d8b3ca4845f74a9ffcf18d402fb50
SHA1

896fa15dcc5f7a3585b1e91e42866059fa3346fc
SHA256

57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45
SHA512

2fb221fb6dcad9793d7783ead27e77b98d39681bdf758a6dd2840445e7c050ffcb3392649d61ff2ed22899c4b07b4e2084cec04a6ecb8031cfd5a7b552fb2e5e
SSDEEP

12288:QTu00sJtWysvYBpGhEi6U1iy8/Q8idmlJ9TLzYRVSTmG+7m2BFlrbeYL+9:QTu0ltW/YzyX

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
968	57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 968 set thread context of 4080	968	57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45.exe	85

Suspicious use of AdjustPrivilegeToken 31 IoCs

description	pid	Process
Token: SeDebugPrivilege	4080	MSBuild.exe
Token: SeBackupPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeBackupPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeBackupPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeBackupPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeBackupPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeBackupPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe
Token: SeSecurityPrivilege	4080	MSBuild.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 4080	968	57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45.exe	85
PID 968 wrote to memory of 4080	968	57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45.exe	85
PID 968 wrote to memory of 4080	968	57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45.exe	85
PID 968 wrote to memory of 4080	968	57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45.exe	85
PID 968 wrote to memory of 4080	968	57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45.exe	85
PID 968 wrote to memory of 4080	968	57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45.exe	85
PID 968 wrote to memory of 4080	968	57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45.exe	85
PID 968 wrote to memory of 4080	968	57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45.exe	85

C:\Users\Admin\AppData\Local\Temp\57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45.exe
"C:\Users\Admin\AppData\Local\Temp\57ab7f36936d31e2975e26c454d0d85c3b2ab56f3c7f34afa2378b1b2090ed45.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
459KB

MD5
d3174cb9af9b1856d403323eed5a390f

SHA1
6a5c3d15e43040194f4d3b429bf51e719ed2df32

SHA256
c7abbb14ef21abb5307ae660edce7cd00833048056288eba00097d610c7b8729

SHA512
2ddab8137fccac26648e3058ad04664e23bfd17b57c37ebe89006c80cb6f72aeeee71fbc66cf8140d57d34cccd696cae8a963002de1fdfaef6317efbc1ae4b4d

Download Submit
memory/968-14-0x00000000752B0000-0x0000000075A60000-memory.dmp

Filesize
7.7MB

Download
memory/968-0-0x00000000752BE000-0x00000000752BF000-memory.dmp

Filesize
4KB

Download
memory/968-1-0x0000000000280000-0x00000000002F0000-memory.dmp

Filesize
448KB

Download
memory/968-8-0x00000000752B0000-0x0000000075A60000-memory.dmp

Filesize
7.7MB

Download
memory/968-10-0x00000000752B0000-0x0000000075A60000-memory.dmp

Filesize
7.7MB

Download
memory/968-2-0x0000000004C10000-0x0000000004C16000-memory.dmp

Filesize
24KB

Download
memory/4080-17-0x00000000752B0000-0x0000000075A60000-memory.dmp

Filesize
7.7MB

Download
memory/4080-13-0x00000000752B0000-0x0000000075A60000-memory.dmp

Filesize
7.7MB

Download
memory/4080-11-0x0000000000700000-0x000000000075A000-memory.dmp

Filesize
360KB

Download
memory/4080-15-0x00000000051D0000-0x0000000005774000-memory.dmp

Filesize
5.6MB

Download
memory/4080-16-0x0000000004C20000-0x0000000004CB2000-memory.dmp

Filesize
584KB

Download
memory/4080-18-0x0000000004DB0000-0x0000000004DBA000-memory.dmp

Filesize
40KB

Download
memory/4080-19-0x0000000008300000-0x0000000008918000-memory.dmp

Filesize
6.1MB

Download
memory/4080-20-0x0000000007E50000-0x0000000007F5A000-memory.dmp

Filesize
1.0MB

Download
memory/4080-21-0x0000000007DA0000-0x0000000007DB2000-memory.dmp

Filesize
72KB

Download
memory/4080-22-0x0000000007E00000-0x0000000007E3C000-memory.dmp

Filesize
240KB

Download
memory/4080-23-0x0000000007F60000-0x0000000007FAC000-memory.dmp

Filesize
304KB

Download
memory/4080-24-0x00000000752B0000-0x0000000075A60000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads