40d89205b516adefbc8053ad027918bf81bf5ecfd5dfb61b0200bac9f15a16f4

Analysis

max time kernel
150s
max time network
146s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
18-07-2024 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client.exe
Size

75KB
MD5

db13b3b18996eb0727557013860dfcde
SHA1

77d1a202f49ebec3d896160981e2284579fbd49e
SHA256

40d89205b516adefbc8053ad027918bf81bf5ecfd5dfb61b0200bac9f15a16f4
SHA512

7e0a028db4c368b1a7ff165dc39c232ef0ea528c91b92b2b508466190b928f8057d23ce6c876d0fcaf0d045f13e533874d27d8fdc2a7961f6b5b954aa588972e
SSDEEP

1536:s0uEbGez0LNV8nUw5rASb2LnmfcHktpqKmY7:s0xGeQLjboASb2Lqj2z

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe
3748	Client.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3748	Client.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3748	Client.exe

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\AssertPush.ps1

Filesize
752KB

MD5
c345e896b63d53886028a96bc238f68b

SHA1
d7fb16709347628a463200cd37a3ad01fb650209

SHA256
5a1b1af0aa93c3a589eabb372e3f524c28e2cb9881c61562f529e4e265507a6d

SHA512
ece1c3bb1af5a78cd6a75477214dad2cc63241c789f0e57e7f21a177f7dd11cc4ebefa612ec18fa3b0782dbdcfb6fd91300d2fdea2a344e7b3ca154c873cb606

Download Submit
C:\Users\Admin\Desktop\CheckpointExpand.vssm

Filesize
869KB

MD5
9a5065f15df015b24c5b3069f7034595

SHA1
6b00c7033176c80e04ab1a3f486f998c63b2f7af

SHA256
97d59514d2980eab19a9d2c70c006f69fc0ef9bb677ea3df3debfed3e9b526af

SHA512
9e8a121b598671ee5e73ce01da9438049a1fa23649e33f8e8b8ee7e5631bece914d2de3c7ca2273ab2edf02bd2c07ef8db73c81ac3142f32354e6d4b7d17a759

Download Submit
C:\Users\Admin\Desktop\CheckpointUnblock.vstx

Filesize
517KB

MD5
74bc505361d3332ae1d23f43b2879cff

SHA1
2adba6d83f06b49f91168be4998df82ff3d9c4d5

SHA256
4e7beaf3f0c2f3c933228cb951ee7059719eb8ba38329c3d4579ec6d2e8800c1

SHA512
31c33f3a14afa6aa461c5755269835ec0e1096f7da5195220874fe7886960e1db0d3d21818e7a2b0847d99672cdfaf5d76f7a5b9d729418cf04ff8385617e5a7

Download Submit
C:\Users\Admin\Desktop\CloseSend.tif

Filesize
728KB

MD5
ad9688b8f57aaa1e9bad4c111ea7517e

SHA1
dad4d8a8e9e563ff1ac46aac4016852f9608745e

SHA256
f11aff78ffa97bd912cfac9d6f8847d16e8b2dfb38ec0eadfe23adcb5c0d10f9

SHA512
08aa69c2a1e54364e05f65e5d9a4d1a8bbc42d0f7520ce5ab3b8abfa026bc5f07e7084b172facc2f56232c2c4c89b874029d778c66cf2a6130a5cb8b30893e7f

Download Submit
C:\Users\Admin\Desktop\ConvertFromConvert.vsdx

Filesize
423KB

MD5
ff7b91a1d0765e7ac42a0670adf6aaaa

SHA1
293df68c3e1244d14d7fb9db31de1b59e19d2c77

SHA256
7036aff4d998917db535c2f04151cee1cd543f52b7df4098abe29afa8ad67c5a

SHA512
451799c995dd65d98f1428f6dee0fddcd9309c2b8f945733c428fddb7223883a17e277bb17623158d8f85cf710afbbfc18f0632b9641aa7b9a00f8a1a07ad7ed

Download Submit
C:\Users\Admin\Desktop\DebugResolve.m1v

Filesize
376KB

MD5
a2438be893cdca6acd6d9291979c23ba

SHA1
3e6b12ab0d4f32c7af93d84f7382e253978f768a

SHA256
00b467b485a0e469caad410640e0a2b5daa96397dd446f8a49d023866291ddeb

SHA512
a7984046f4d5959ca3510613c496e4fe5b924c51256d7f741e76bf25ab56b6dbffe3e8f2af51ea99886bbc9e659f22fa90a66758f2467ddd124425631364f4d2

Download Submit
C:\Users\Admin\Desktop\EnableUnpublish.htm

Filesize
705KB

MD5
d14f6f3e193d78e8f1d9ae89550f4f14

SHA1
1b8f0084dc088c66fee835f760ae7c6dcc8770e2

SHA256
c38d4e88afc0f8b75c848721f36265ef34d482ba1e9753232317439dee47b543

SHA512
45fbad4e2581d5c400793be78ae07de78255fc930189c68c23b743a2b178f66aa511cbd016645f4aa5f1ba221b29fb0bb5048575dfc381e3aa45bbea3f1da4c5

Download Submit
C:\Users\Admin\Desktop\FindStep.ini

Filesize
681KB

MD5
22728baee7dbb1d689277e9b1f12c5a9

SHA1
5177a9166ef5f63920644aa6b2818a53ea600566

SHA256
5d2631be680c67322a7221ea783b127033983e702b62488db37cbf24d0471bdb

SHA512
de637949ef91db45c547f07c8084bcd85c2fee8834a4a3fb63abb80a54a51e1bb18a92382960a9573e31e5178268a1e7398f611d57033ac21e41617bb16a4298

Download Submit
C:\Users\Admin\Desktop\HideRestore.vdw

Filesize
940KB

MD5
55a96f2d04d88ac01f773f718d93896a

SHA1
8e0c79bd72f780092e8f229ab8dfa8849cfd0e17

SHA256
04d62c37ba9de97d1486f74fc5b9b3311405eb7757eec2c65de0ddb8598d51ad

SHA512
88288b9eea4f49e3cc1efeafc4a92194a9b269f3bdfd9c9577605280bdfe9f1e0cc921591634090651dda58fad83a658910985b27717ecc354b0bec22c1143e1

Download Submit
C:\Users\Admin\Desktop\InvokeDebug.mp3

Filesize
658KB

MD5
1075b625b2d3f8d4cddd16c84b5f9bce

SHA1
d8d968ba81fd309fd8d3a603e0e14f6af24cb7c2

SHA256
5004bc51c54fd052ca054a677fa7dd56768de715b9294ef7278b2852669d7639

SHA512
38fbfdb091b31364c7a444b409c4846fe2f46c22c655970559ae0742a81fb775b3d39940ba24df0f21263df477c1d3ac7523fb52a53ba4a1ac90963c59ec2add

Download Submit
C:\Users\Admin\Desktop\JoinFormat.wmv

Filesize
634KB

MD5
f65e84b9671e70d134b4c25c2ba97dad

SHA1
3bc6e5caa571ffcc30b70e187a1e3e8564e106f3

SHA256
3e9365598ff10f918094b7644b30cbf52accd2fcd275aa789ddcb0936901298a

SHA512
551617c25e0eb7417d20de1a8db89f400540a520a118d4b19ec6e0842e900730b2f62f2cc1c5d5dd6456e4cc61e464551a94599a0aa03482f50ada8653dc9c94

Download Submit
C:\Users\Admin\Desktop\MergeApprove.pot

Filesize
329KB

MD5
d582a9fee03aa00c2d572ddfa53899bc

SHA1
6a762cd8f58bd62892e871a65bc1485324de2ae0

SHA256
0ffc04a59f3a431ee7a7c05c18b94cf2c359b0e0f70a17148135d4f96ee2ae71

SHA512
6b44cb53433828cd966ee75ae9f42f5c53ecf2c39aaf9f42df37ec3b944aab045f74d457e6f600c3f964408b71f9a70650c5bf6b834fd53dea9701755413cab9

Download Submit
C:\Users\Admin\Desktop\MoveConvertFrom.mp2

Filesize
799KB

MD5
b3d48eb3552ef6e49fa0912b5e9c53a4

SHA1
c117880eeff4700ee95572e3928f6ca8f20d39db

SHA256
7b4b5e1fd30755f95b5e37863b8745fc5aa530f942146caa344ba1439d10831a

SHA512
1d9c98964f1cc5e5bfd61d9e7e0380d6ba511a71abd87e942c61f20aff0cd7d6d12b4f2600b1500134acb7c9d3c1bff8e2b258a690a05c157ff02aece73a83da

Download Submit
C:\Users\Admin\Desktop\NewSearch.cr2

Filesize
446KB

MD5
fb3078364ee6412dd515f83bf8b47fa7

SHA1
26a969cfc7f54bf2b8e1e4bc567fe1272c8e7418

SHA256
d01b6464ce54598c0063e27166d81d64d92e8a072a3a69543c54e048b05335e3

SHA512
8c5732c5d3821f71cf42e9e5a0261a8aeb3b4137c54810b568302c49f49cfb44008d8485e87169e0bff072ebe0c501d6269e29bf474dde3cfa3bf3e304a78a71

Download Submit
C:\Users\Admin\Desktop\OptimizeApprove.tif

Filesize
352KB

MD5
c4d68d4af7cab00ecc4d28c9a3601bf4

SHA1
2467ab8e5542715f72fb292c0367dd9b15f80110

SHA256
99706eb5e2d9fa62704fef737d72c7a57e8a7b0fb004c90065d31afb70e0cfe0

SHA512
ee71e8db317badd1694f658e2ea3057d1ffe255d4dbc7c46072df8b391c7a65e44db09da7018fda182025fdc38f54aca50f7b5e2812a6de920d52ed868bd1ae0

Download Submit
C:\Users\Admin\Desktop\ResetGet.tmp

Filesize
493KB

MD5
10e2836a571fd9be21b7f826edd68975

SHA1
321ef588403b75e2380fc99ace835bc3d65ca187

SHA256
f313dda517e0b96565b4c76a7e2a989cde855427f52a58ddd6f282931b4ce77b

SHA512
74bf22f39680608c756f8e4303a714c30a00927e1f799adaf5159a7784edad3285c8d25a92ce3f5eee2b12722b3caf2778764040ec84f5fdfc5189892797f1de

Download Submit
C:\Users\Admin\Desktop\ResizeSave.doc

Filesize
916KB

MD5
623bb4c64c2be892aa7eafb09ee2c3b6

SHA1
48f8668d01d0c2f1436f7d395bf64ba63cd38033

SHA256
133a177486f962f9f6e10267409b9da914897ba9c6ad20b3b8b0776779ccd94d

SHA512
84c668bc2341c7f32a52b511fb5962b900ed66ffdc570f471867d8a72962e2d019d7034db8d2cedc79393698d0586233c87b299c76dd21ffed3282d6b8ea3fc0

Download Submit
C:\Users\Admin\Desktop\ResolveMount.potm

Filesize
470KB

MD5
0fcedeebbae57a288019accd97c364ab

SHA1
eac294c5f52f9bffa42682dcd730cb4180c31163

SHA256
b75e1be39063840d21b627832f1d7092de1966bef8fc9c72e466059ac64bc735

SHA512
ed4eb54198f6860a7b06ca6ee6fc00f04261b2c2191ac3ee9b31d3ab9658cca4c65889599e0414a3b6c2cbd7225185049eec7daaf86cf1afb5f4e470b4d48aa7

Download Submit
C:\Users\Admin\Desktop\RestartLock.docm

Filesize
611KB

MD5
4d70549b66e764c430bcaa0def357873

SHA1
4dce3c1a0e94b6e52b82f3b9e2dd7ec81e48a42b

SHA256
ab3d9693519871d97f30955a389d6bbb60c7f0854721cd31a98546b1fbf71d7f

SHA512
c3ceb034f630d0092b5982a5cafc4c2773c16caf52010c45a25766ea369fb060368375184ffed5c476a77992160db111b9bdbfb10dc3e9012aafb896fb19ed78

Download Submit
C:\Users\Admin\Desktop\ResumeSync.mpeg2

Filesize
1.3MB

MD5
9691eca0f4299c5d11a56e4b7746cbe1

SHA1
12fcb62a4f306ad8f219eae08760badd1fc2afea

SHA256
f8e0c248db0c938316c1172a4046186c27aecd4b47ae2e1b583a45fe3ef27716

SHA512
72534f5c0b2ecc455de3ed375dbe4575552539d2e1a170c57f2ea75683b34cfc0968a9a6e373e394acff405c16417a4857c4726b06e857ea8eadf3838c3a8a49

Download Submit
C:\Users\Admin\Desktop\SuspendMeasure.cr2

Filesize
893KB

MD5
41a0294c45d46bb60fdf98d99f27eba3

SHA1
da46c8f87c56f4c8ee96ac803d914a2c6a5c2904

SHA256
e41b61447d0da90393353a119969e0a20336fbe066add28fdcfa6b42c8e33604

SHA512
ed5e94f4521885537d9455099dfbaef0632a1db02372a8a38f9fe42928444c1ff297f477ae6276693147fa4b3cd07f64156489b11c50e6157b3fbdeaae76a3ff

Download Submit
C:\Users\Admin\Desktop\TestEdit.xhtml

Filesize
540KB

MD5
35eac121516b9807eda7bbd1b9da8862

SHA1
150cce8e1deab1626a169914176aa72cd337ca6d

SHA256
91c917008828bd801a934cf268c895008b3683beb7147b128d8be3a2b0d866ed

SHA512
ae2a8619298405a1314e7ac1f639aadaf8c954588044250f3726a03f70d0827ad20e37b8d6f07b888f9cf3cb26c8feb5cd49b521c4133d9ca5fde4227d64f910

Download Submit
C:\Users\Admin\Desktop\TestOut.ini

Filesize
846KB

MD5
d560b472f95992508703bc36023147a2

SHA1
504540fc266c15e9942963f084cf239e78a664d1

SHA256
207b860ba91d2dbd398aab56f980439f194423f1a930a02d22836480bd502ba1

SHA512
381908ef7bbcb971b544ee33ad9d4d232511e23486523f742baa92bd613d2c9d657326e9b0b1e2b9198c1bcc25c25246f02c1c3220306764505c4386ceff9cb4

Download Submit
C:\Users\Admin\Desktop\UnblockApprove.odt

Filesize
775KB

MD5
25c056328dfd6b1727f15aa296303dad

SHA1
8bd3f038d323e82d52a8d29a1b5ddc8aade080a9

SHA256
097417a96f80cfb5ca8ac2f2c67db767e9741e26d49f63c303a8b9c19a9af57e

SHA512
f40f24212ab19bfe13369c647a0cd69e92cd9007e956e5dfb83367720a94c7f2bd236f758d63c010e44e65ba694355a23f3c8d8f5485aa9fe9dc24fc5041f5e0

Download Submit
C:\Users\Admin\Desktop\UninstallClear.odp

Filesize
399KB

MD5
8e31c79fabeb49deda1f57233874a17f

SHA1
5a677dcc515e1dfba011532a66c2d17d5338f64d

SHA256
4f94f95ef3712a5abef828dcccd5f28adee9df5b3c97c17c9fdd2568a252c1a5

SHA512
6b222ce34cffd9616962b7931abb66b52e01599272a4c6edaca8b72639f1383bc33303d6f93373dd8ff80f8b3776634dec780981c0a4400d3862bb94b5f79c3c

Download Submit
C:\Users\Admin\Desktop\UninstallRevoke.3g2

Filesize
587KB

MD5
aceeee0074da8d91d8cf8330c22210ef

SHA1
ea0669230d9b676697cbbbdf2b63252481e3ce22

SHA256
97097cd892a36fb9ba0ecd926c1c8ad599603eb72911c3b2304958e558686bf5

SHA512
68c69762fb27aca6fef532b4d3954c07f72ed46293df5ccba2753d5325d161599958a6c8f232d8602a6003d8f059cb34680a80bc6781ee2822b47ddf1f5a35d2

Download Submit
C:\Users\Admin\Desktop\UnprotectEnable.ppsm

Filesize
822KB

MD5
6058091457d8effe978929f2dfc49c5a

SHA1
37a2a560e731f0af8c1f44048d92f80101ed8777

SHA256
78786f1ea239d72090c76dbd632407ab32b90dcd48be0703a054eb299d59ba0b

SHA512
4d8a040b980ba6709c28776259cfb136551c7e8357ee7de58dcf8007a85eb380cf899c8f04c556f755565ea274ff29e22c083ae09b928d6844eacc67baffa450

Download Submit
C:\Users\Admin\Desktop\WriteJoin.txt

Filesize
564KB

MD5
68f90e4472c931271d61378e04655804

SHA1
dff5ccdf72cd3409794e712c42cf634a755cca40

SHA256
90dfcdfb781a51f27a6768143adde09a22ea2b3a08f32dd32a342bae37809ba6

SHA512
6a58ab2297f92194ec627f21acff280ea728aeebcc1332a4ac583893c3eb3a310ce97787dcca0cab8a20bb10717ad02876520c62cb3b0bdd56552cc25adeff67

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
204b4c82c8e1d2cac6edaa042c5dc07e

SHA1
8ebd5d10db1f290c04e18b8761298f47ef4bec32

SHA256
95bc090a2401c8c8f7dbfd0aa9f7c7db357023c6f88cff51bd2b0c22303ec26b

SHA512
42fa91abd64d2bfcacf8c0e3b6a3bd662c93d565dbe1671a6f27dae1b27370bb02c0ad8b0001196b7efa8eccfb493c8b613bcd17a4bc3f3634ff1f619a190715

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
ba2a700143c6cabe7274d784799d5042

SHA1
88c8f8b098a602adc871049d379d167288fc8362

SHA256
0ab7cf4ff922198e78813d1337539cd181a36bb24a7bf6faeae184c96eae232e

SHA512
e5423ca1581ec32411c0649918c9f9b6f4eb06375f5a169db989a9579d23cc36bf17ee988c50b5e168941a3bcb58a3a41344f7f7a6321cce921c9bbcec362990

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
d3104415fc7670714693ec26af0bb5d1

SHA1
981d9234ad3a213dcd9b75b6ffefb41ff774053d

SHA256
b4be9e061a89ff4791059d7b0d5b9fea4a3339ddabc413ec462e619ca34099e5

SHA512
c80b6e8feb6b1a8208683f617cd3781f044145619cb6111afefff3725cc95a2d77762a4d2f4f9dde6c3aa12c9a416ff8f6a4c039e9536c25f083fda47093bf56

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
b688114bd3452d41942d9d8998c39da2

SHA1
6f1f6b087b02a0e1f25712765dcad66500f23cbe

SHA256
e8bb66b7329ea153cf59e262ff2ed943e54331e0de4c5ed08a92190823bfa95a

SHA512
d0f5ac6178962b7fdba01ad2d8f5cb126ad6f18f2c1230f213d6af9f2c36beddfc71bac80ed306369df65b524bcb80bb4bb4011c8029824badbc9feee34b7417

Download Submit
memory/3748-4-0x00007FFFB6A63000-0x00007FFFB6A64000-memory.dmp

Filesize
4KB

Download
memory/3748-32-0x00007FFFB6A60000-0x00007FFFB744C000-memory.dmp

Filesize
9.9MB

Download
memory/3748-5-0x00007FFFB6A60000-0x00007FFFB744C000-memory.dmp

Filesize
9.9MB

Download
memory/3748-1-0x00007FFFB6A63000-0x00007FFFB6A64000-memory.dmp

Filesize
4KB

Download
memory/3748-3-0x00007FFFB6A60000-0x00007FFFB744C000-memory.dmp

Filesize
9.9MB

Download
memory/3748-2-0x00007FFFB6A60000-0x00007FFFB744C000-memory.dmp

Filesize
9.9MB

Download
memory/3748-0-0x0000021F87210000-0x0000021F87228000-memory.dmp

Filesize
96KB

Download