83d312357f8661dbf9df5a8205edde4350113d4022174380a9f11a20b7207336

Analysis

max time kernel
95s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 01:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

83d312357f8661dbf9df5a8205edde4350113d4022174380a9f11a20b7207336.exe
Size

458KB
MD5

5a817ad50a3d4713fe89e2856a063e3f
SHA1

c680d7533a4f2bd961850de5ea6dd452ccd7b3e5
SHA256

83d312357f8661dbf9df5a8205edde4350113d4022174380a9f11a20b7207336
SHA512

7de448b4187a968f4ee73fd875af7f1f2a140ae66d7eb38e2486c1f6e9e7443a6466e9d991fd841d361f5d8db7f689c21fbc595bd7da0202ca6a896adba8600a
SSDEEP

12288:1j1wwONnmblPensv+7aiMlAv6ymNqLpxG7JstD9N/:1jontfaiQVycqN0O

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
3836	83d312357f8661dbf9df5a8205edde4350113d4022174380a9f11a20b7207336.exe
3836	83d312357f8661dbf9df5a8205edde4350113d4022174380a9f11a20b7207336.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3836	83d312357f8661dbf9df5a8205edde4350113d4022174380a9f11a20b7207336.exe
3836	83d312357f8661dbf9df5a8205edde4350113d4022174380a9f11a20b7207336.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3836	83d312357f8661dbf9df5a8205edde4350113d4022174380a9f11a20b7207336.exe

C:\Users\Admin\AppData\Local\Temp\83d312357f8661dbf9df5a8205edde4350113d4022174380a9f11a20b7207336.exe
"C:\Users\Admin\AppData\Local\Temp\83d312357f8661dbf9df5a8205edde4350113d4022174380a9f11a20b7207336.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AutoItX3_x64.dll

Filesize
512KB

MD5
f11ae50df86a3bf2aa00625e54d7ebb4

SHA1
9812f16df2b0d1eeb75931348096128448d1179d

SHA256
5c1acd56bf432462e59e05e72d486fad670c4dd7c556df3d3270b827d1bbc555

SHA512
6e6ea547a758e95d75952164ebe5e928dbf46da3875c5aba7332755f5e6a5a98587226cf278ad99f4155f39e42f96f2ece0740554e0531f1293fc762a36bdc01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll

Filesize
558KB

MD5
6355cbc2e2fc439d10b093d2e1fb0f44

SHA1
3502e1e607e640d53a466ea00cf718354339b8eb

SHA256
87837943df8c9ed8a759125a5a57dd2d237a2c5eceb742c4353b93d7143b784e

SHA512
f23ac7b9f948e5c04e5dd6cb7d85165305baa7bef554830bd742e221aca359f5bfb0dece893a8128a6174539a9f32a1070701dd388083e2bbebc4002ed6b0861

Download Submit
C:\Users\Admin\AppData\Local\Temp\SQLite.Interop.dll

Filesize
1.6MB

MD5
e6dd836cf98ed859511cbe9c53a682a3

SHA1
2432168556b04ce2536c36cb73752ffc4edf0456

SHA256
05195b8445ce85927afbac1c406192c69a7da9aaa122ac8661c4ec2d7d0828eb

SHA512
5644e3ac558edb408dc63fa4db0a84ff3a0f0c4892a5b20a3f691acde32c63f164f69e8cb71dccaba4340c18b20002e400840c48ce4a408829d7a39f9ea76510

Download Submit
C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll

Filesize
364KB

MD5
618661921045f2c1f85ce76d57dd1beb

SHA1
f858c797d72cd3f92a0ce4637dd77a9cdf2d7e02

SHA256
1a483745e68fd4f7261f44c22fbab9cf92fd70d2c727018577cde36edc923836

SHA512
9e5f64d2c5024aa03b414dde0af0845dde2e2e47430b7039b1dcfa57df36f3626afdf00409dcc0b0adad33c1485766e4cf6b469b5f0886a3fd6d203d42dfcce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\my.db

Filesize
56KB

MD5
0c4c09ffea739b59ff2317e51eb31276

SHA1
73f0796e5c50701195c2e10577fed7c165b7adfc

SHA256
9f929bd251a43c60f4bbc367a56ebb68ba5cbc7afe82b1258684410ee8044a95

SHA512
74389125ae85d02fbc84eec78c66e63e9b1aabc75cc4e9511836a2344115d784d359ef7ed589ff6f5edcd338d2e4bc1dd2c20287169ae3fa338cc7d10ebe06d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\my.db

Filesize
32KB

MD5
e9d31697932c811a2c904972f2a2a24c

SHA1
f2ac63a3fee6667a431a4dd2864cfea077cd4795

SHA256
7c830026b5d972386a77cd8ca168397c64cb1bbe757c005faeb618b1c4ac4286

SHA512
6fb8e9f3ba387aca932cd3d8a7f39c71d79c8c3f63e4cbb905c28185ffa3679f11853bb287af77a46b5bcbde24117cfb83d2ef2d3fbec4fdc67db976c1a9cb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\my.db

Filesize
32KB

MD5
43d9a838dd962d54e0507d07a8883e29

SHA1
e41b70d67e6a25227507305704534fbd6d0cc7d9

SHA256
062e0e7ffb11c937ddf95b04fb7d95b8861fb1d3b33d425f3df040301a427108

SHA512
e0c1ccd202c70b36f39ed75fa852a5d0ab4dcf9e0b444d48efd0acb9b977ff15f88febfb2f2523a4c88589ae13626f4fcf97c80bcacb372b0b3cd133754440f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\my.db

Filesize
84KB

MD5
a845fd6afa70a3cb14f947d0121b10bd

SHA1
c512c91d04ecbc1852b1fe9a52c3be630b8f80eb

SHA256
a4be63688897e5c3c953eb327402a8bf9251be1a1b3b783d1725b63ad8ca6bfc

SHA512
a0d6c3b6f0c67aedcdf0fe66b4ae325a3e7c52ad753d41b872b22739f6401937d470f8ce628f9d1184ff5888157aa3250dd254802c77c9fe7f6281191072dfcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\set.ini

Filesize
201B

MD5
555da82760abeb4d9759cf7f93499965

SHA1
7051ef3439203b874b3e6e6fa06bbc18e0d02709

SHA256
cd738c6784c35e305c9d0b1183485d72cde78a148cef737e43772c5819057987

SHA512
cda464bb700daea5f305eea1e8289f37e730a9cc6f70276905650cfc84cac446017c822ef34057c789ac10dd49493cfca6d10a10863df54b5fc1f21cb2567bdb

Download Submit
memory/3836-62-0x000000001DCB0000-0x000000001DCBE000-memory.dmp

Filesize
56KB

Download
memory/3836-101-0x00007FF921820000-0x00007FF9222E1000-memory.dmp

Filesize
10.8MB

Download
memory/3836-60-0x000000001DCA0000-0x000000001DCA8000-memory.dmp

Filesize
32KB

Download
memory/3836-61-0x000000001ED30000-0x000000001ED68000-memory.dmp

Filesize
224KB

Download
memory/3836-0-0x00007FF921823000-0x00007FF921825000-memory.dmp

Filesize
8KB

Download
memory/3836-50-0x000000001DC50000-0x000000001DC76000-memory.dmp

Filesize
152KB

Download
memory/3836-96-0x000000001EF00000-0x000000001EF90000-memory.dmp

Filesize
576KB

Download
memory/3836-99-0x00007FF921823000-0x00007FF921825000-memory.dmp

Filesize
8KB

Download
memory/3836-100-0x00007FF921820000-0x00007FF9222E1000-memory.dmp

Filesize
10.8MB

Download
memory/3836-59-0x00007FF921820000-0x00007FF9222E1000-memory.dmp

Filesize
10.8MB

Download
memory/3836-102-0x00007FF921820000-0x00007FF9222E1000-memory.dmp

Filesize
10.8MB

Download
memory/3836-104-0x0000000021020000-0x000000002102E000-memory.dmp

Filesize
56KB

Download
memory/3836-49-0x000000001E8B0000-0x000000001E8EA000-memory.dmp

Filesize
232KB

Download
memory/3836-108-0x00000000222B0000-0x00000000222D2000-memory.dmp

Filesize
136KB

Download
memory/3836-43-0x000000001DBB0000-0x000000001DC0E000-memory.dmp

Filesize
376KB

Download
memory/3836-3-0x00007FF921820000-0x00007FF9222E1000-memory.dmp

Filesize
10.8MB

Download
memory/3836-2-0x000000001B420000-0x000000001B4B0000-memory.dmp

Filesize
576KB

Download
memory/3836-1-0x0000000000800000-0x0000000000878000-memory.dmp

Filesize
480KB

Download
memory/3836-2941-0x00007FF921820000-0x00007FF9222E1000-memory.dmp

Filesize
10.8MB

Download
memory/3836-2942-0x00007FF921820000-0x00007FF9222E1000-memory.dmp

Filesize
10.8MB

Download