46d254f8592770e866e846f27848128850099f17ce1b37c9a703b67e133a8be7

Resubmissions

22/07/2024, 03:19

240722-dt6pdaybpr 3

22/07/2024, 03:08

240722-dm62kaybkk 6

Analysis

max time kernel
146s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22/07/2024, 03:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Device/HarddiskVolume3/Windows/CSC/v2.0.6/namespace/macvdfs01a/users01$/501393/Desktop/IT/AppCheckDC.exe
Size

224KB
MD5

313e8d34b074b9219defdd369e63d408
SHA1

d10014a9477dbf6a342b3f8346a0c3561a69f480
SHA256

cf37a75266edce68188a277e9e53b716ef8b2d04767d9eb404265cc8fca3b043
SHA512

e7d068ebfe15d6673f41dd1e3c7efa36d568aa0dc3fd05b09c8e452a0d89bfd4400c417cd82cee479b1d84b06afa7c4ff2a2bb31f7b33adc1aac824041c252ee
SSDEEP

6144:bKhhJS1IJyE/HBXw/KWf0QZ/oQt92Y2Et4dwY4j:bKhhGIJyE/HhwyK0+//Y4j

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	AppCheckDC.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	AppCheckDC.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	AppCheckDC.exe
File created	C:\Windows\assembly\Desktop.ini	AppCheckDC.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	AppCheckDC.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4208	AppCheckDC.exe
4208	AppCheckDC.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4208	AppCheckDC.exe
Token: SeDebugPrivilege	4208	AppCheckDC.exe

C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\Windows\CSC\v2.0.6\namespace\macvdfs01a\users01$\501393\Desktop\IT\AppCheckDC.exe
"C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\Windows\CSC\v2.0.6\namespace\macvdfs01a\users01$\501393\Desktop\IT\AppCheckDC.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Quest Software\PowerGUI\ecabd43b-d814-449f-9f86-5735fa5a557f\appinfo_new.ps1

Filesize
130KB

MD5
3c06ffb11a06aa5472fcb97b787dc477

SHA1
5062057e13086874cf7f49c1048c8cf98f63c4a7

SHA256
9a2f2a0cf95ed9c46f575232c1b558258e94d1adba337aa3a7b72c7e2c4d24c7

SHA512
1bc0ba73dbfaa0a2ed187499190f8a31a9d7c24e265fa22d5b7b720c5b7084745919790d9436fcaea836da1448ba4fb76f0ed21e75dfa248d55ea971b5a61912

Download Submit
memory/4208-25-0x000000001E500000-0x000000001E548000-memory.dmp

Filesize
288KB

Download
memory/4208-27-0x000000001E550000-0x000000001E599000-memory.dmp

Filesize
292KB

Download
memory/4208-3-0x000000001BAA0000-0x000000001BABA000-memory.dmp

Filesize
104KB

Download
memory/4208-4-0x000000001C140000-0x000000001C60E000-memory.dmp

Filesize
4.8MB

Download
memory/4208-5-0x000000001C630000-0x000000001C650000-memory.dmp

Filesize
128KB

Download
memory/4208-9-0x000000001CD90000-0x000000001CE2C000-memory.dmp

Filesize
624KB

Download
memory/4208-10-0x000000001CE30000-0x000000001CE68000-memory.dmp

Filesize
224KB

Download
memory/4208-1-0x00007FFA4CC90000-0x00007FFA4D631000-memory.dmp

Filesize
9.6MB

Download
memory/4208-26-0x000000001C650000-0x000000001C658000-memory.dmp

Filesize
32KB

Download
memory/4208-19-0x000000001DCF0000-0x000000001DFD2000-memory.dmp

Filesize
2.9MB

Download
memory/4208-20-0x00007FFA4CC90000-0x00007FFA4D631000-memory.dmp

Filesize
9.6MB

Download
memory/4208-21-0x000000001E200000-0x000000001E3FA000-memory.dmp

Filesize
2.0MB

Download
memory/4208-22-0x00007FFA4CC90000-0x00007FFA4D631000-memory.dmp

Filesize
9.6MB

Download
memory/4208-23-0x000000001E450000-0x000000001E46C000-memory.dmp

Filesize
112KB

Download
memory/4208-2-0x00007FFA4CC90000-0x00007FFA4D631000-memory.dmp

Filesize
9.6MB

Download
memory/4208-24-0x000000001E490000-0x000000001E4A8000-memory.dmp

Filesize
96KB

Download
memory/4208-18-0x000000001D9B0000-0x000000001D9E4000-memory.dmp

Filesize
208KB

Download
memory/4208-0-0x00007FFA4CF45000-0x00007FFA4CF46000-memory.dmp

Filesize
4KB

Download
memory/4208-28-0x000000001E650000-0x000000001E6F6000-memory.dmp

Filesize
664KB

Download
memory/4208-29-0x000000001E750000-0x000000001E79A000-memory.dmp

Filesize
296KB

Download
memory/4208-30-0x000000001E810000-0x000000001E872000-memory.dmp

Filesize
392KB

Download
memory/4208-31-0x000000001E8A0000-0x000000001E8B6000-memory.dmp

Filesize
88KB

Download
memory/4208-32-0x00007FFA4CC90000-0x00007FFA4D631000-memory.dmp

Filesize
9.6MB

Download
memory/4208-33-0x000000001E9F0000-0x000000001EA56000-memory.dmp

Filesize
408KB

Download
memory/4208-34-0x000000001EA60000-0x000000001EACC000-memory.dmp

Filesize
432KB

Download
memory/4208-35-0x000000001EAE0000-0x000000001EDF0000-memory.dmp

Filesize
3.1MB

Download
memory/4208-37-0x000000001C690000-0x000000001C698000-memory.dmp

Filesize
32KB

Download
memory/4208-38-0x00007FFA4CF45000-0x00007FFA4CF46000-memory.dmp

Filesize
4KB

Download
memory/4208-39-0x00007FFA4CC90000-0x00007FFA4D631000-memory.dmp

Filesize
9.6MB

Download
memory/4208-40-0x00007FFA4CC90000-0x00007FFA4D631000-memory.dmp

Filesize
9.6MB

Download
memory/4208-41-0x00007FFA4CC90000-0x00007FFA4D631000-memory.dmp

Filesize
9.6MB

Download
memory/4208-42-0x00007FFA4CC90000-0x00007FFA4D631000-memory.dmp

Filesize
9.6MB

Download