af0f04a8286675a6d734b602b8d79d50cf3a47bfaf25a2e9bd0f3c2ee0ed7b63

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TNT consignment number 87993766478.exe
Size

123KB
MD5

800b20009891cb2ec6fb63d5f5cf7dd0
SHA1

cfe4ceddbd6a948e4c6b0689a1913ef484ea7f90
SHA256

af0f04a8286675a6d734b602b8d79d50cf3a47bfaf25a2e9bd0f3c2ee0ed7b63
SHA512

d40562458f0959aa587fdf677aed88c248b944e6161b474ef948712e9e16bd7a1b49f04564e7aa013bb99617f86c74a0d219c1ea0a7f038df692e151d0fe7fcf
SSDEEP

1536:d+9MPdi38jvG4IccspSxXTf2WN9+Zu4VqWwrLROPLYtxYTnboETB2xs7mo4b5B:PfBcsFWCS9OcwnEEqs7moOr

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe
2560	TNT consignment number 87993766478.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2560	TNT consignment number 87993766478.exe

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 2980	2560	TNT consignment number 87993766478.exe	30
PID 2560 wrote to memory of 2980	2560	TNT consignment number 87993766478.exe	30
PID 2560 wrote to memory of 2980	2560	TNT consignment number 87993766478.exe	30
PID 2560 wrote to memory of 2980	2560	TNT consignment number 87993766478.exe	30
PID 2560 wrote to memory of 3036	2560	TNT consignment number 87993766478.exe	31
PID 2560 wrote to memory of 3036	2560	TNT consignment number 87993766478.exe	31
PID 2560 wrote to memory of 3036	2560	TNT consignment number 87993766478.exe	31
PID 2560 wrote to memory of 3036	2560	TNT consignment number 87993766478.exe	31
PID 2560 wrote to memory of 3048	2560	TNT consignment number 87993766478.exe	32
PID 2560 wrote to memory of 3048	2560	TNT consignment number 87993766478.exe	32
PID 2560 wrote to memory of 3048	2560	TNT consignment number 87993766478.exe	32
PID 2560 wrote to memory of 3048	2560	TNT consignment number 87993766478.exe	32
PID 2560 wrote to memory of 2400	2560	TNT consignment number 87993766478.exe	33
PID 2560 wrote to memory of 2400	2560	TNT consignment number 87993766478.exe	33
PID 2560 wrote to memory of 2400	2560	TNT consignment number 87993766478.exe	33
PID 2560 wrote to memory of 2400	2560	TNT consignment number 87993766478.exe	33
PID 2560 wrote to memory of 3044	2560	TNT consignment number 87993766478.exe	34
PID 2560 wrote to memory of 3044	2560	TNT consignment number 87993766478.exe	34
PID 2560 wrote to memory of 3044	2560	TNT consignment number 87993766478.exe	34
PID 2560 wrote to memory of 3044	2560	TNT consignment number 87993766478.exe	34
PID 2560 wrote to memory of 2304	2560	TNT consignment number 87993766478.exe	35
PID 2560 wrote to memory of 2304	2560	TNT consignment number 87993766478.exe	35
PID 2560 wrote to memory of 2304	2560	TNT consignment number 87993766478.exe	35
PID 2560 wrote to memory of 2304	2560	TNT consignment number 87993766478.exe	35
PID 2560 wrote to memory of 3024	2560	TNT consignment number 87993766478.exe	36
PID 2560 wrote to memory of 3024	2560	TNT consignment number 87993766478.exe	36
PID 2560 wrote to memory of 3024	2560	TNT consignment number 87993766478.exe	36
PID 2560 wrote to memory of 3024	2560	TNT consignment number 87993766478.exe	36
PID 2560 wrote to memory of 2224	2560	TNT consignment number 87993766478.exe	37
PID 2560 wrote to memory of 2224	2560	TNT consignment number 87993766478.exe	37
PID 2560 wrote to memory of 2224	2560	TNT consignment number 87993766478.exe	37
PID 2560 wrote to memory of 2224	2560	TNT consignment number 87993766478.exe	37
PID 2560 wrote to memory of 2180	2560	TNT consignment number 87993766478.exe	38
PID 2560 wrote to memory of 2180	2560	TNT consignment number 87993766478.exe	38
PID 2560 wrote to memory of 2180	2560	TNT consignment number 87993766478.exe	38
PID 2560 wrote to memory of 2180	2560	TNT consignment number 87993766478.exe	38
PID 2560 wrote to memory of 304	2560	TNT consignment number 87993766478.exe	39
PID 2560 wrote to memory of 304	2560	TNT consignment number 87993766478.exe	39
PID 2560 wrote to memory of 304	2560	TNT consignment number 87993766478.exe	39
PID 2560 wrote to memory of 304	2560	TNT consignment number 87993766478.exe	39

C:\Users\Admin\AppData\Local\Temp\TNT consignment number 87993766478.exe
"C:\Users\Admin\AppData\Local\Temp\TNT consignment number 87993766478.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2980
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:3036
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:3048
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2400
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:3044
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2304
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:3024
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2224
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2180
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2560-0-0x000007FEF5413000-0x000007FEF5414000-memory.dmp

Filesize
4KB

Download
memory/2560-1-0x0000000000E10000-0x0000000000E34000-memory.dmp

Filesize
144KB

Download
memory/2560-2-0x000007FEF5410000-0x000007FEF5DFC000-memory.dmp

Filesize
9.9MB

Download
memory/2560-3-0x0000000000550000-0x000000000055A000-memory.dmp

Filesize
40KB

Download
memory/2560-4-0x000007FEF5410000-0x000007FEF5DFC000-memory.dmp

Filesize
9.9MB

Download