db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26

Analysis

max time kernel
196s
max time network
257s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
22-07-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe
Size

2.2MB
MD5

ffe6422dff4cbe7efdbd7ac4983504d4
SHA1

b67e47c4469476baa69803a3183f2c5a821ad5b1
SHA256

db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26
SHA512

626e085ef91b16ba1d2c7211de287854b4a7e85282ccc5a863aa3603f5249ad6dcd2ae2127142268341a5cc28d91ba4f6b9bab3bef268f35e3e683ee929bf499
SSDEEP

49152:z79Bu1YpCIlTKgirv6NruEf9MpehiCcOIo8R+jl3W:zpBu2flTXmpehGOV8cjRW

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\Hypdhoszwhs = "C:\\Users\\Admin\\AppData\\Roaming\\Hypdhoszwhs.exe"	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe

description	pid	process	target process
PID 4684 set thread context of 1360	4684	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe

description	pid	process
Token: SeDebugPrivilege	4684	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe
Token: SeDebugPrivilege	4684	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe

description	pid	process	target process
PID 4684 wrote to memory of 1360	4684	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe
PID 4684 wrote to memory of 1360	4684	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe
PID 4684 wrote to memory of 1360	4684	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe
PID 4684 wrote to memory of 1360	4684	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe
PID 4684 wrote to memory of 1360	4684	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe
PID 4684 wrote to memory of 1360	4684	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe
PID 4684 wrote to memory of 1360	4684	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe
PID 4684 wrote to memory of 1360	4684	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe	db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe

C:\Users\Admin\AppData\Local\Temp\db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe
"C:\Users\Admin\AppData\Local\Temp\db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4684

C:\Users\Admin\AppData\Local\Temp\db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe
"C:\Users\Admin\AppData\Local\Temp\db4d63069f8ba1604f971997cff723b7ed36153cd6b29d04ea0fc341236d9b26.exe"
2⤵
PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4684-0-0x000000007323E000-0x000000007323F000-memory.dmp

Filesize
4KB

Download
memory/4684-1-0x00000000009E0000-0x0000000000C10000-memory.dmp

Filesize
2.2MB

Download
memory/4684-2-0x0000000005B20000-0x000000000601E000-memory.dmp

Filesize
5.0MB

Download
memory/4684-3-0x0000000005620000-0x00000000056B2000-memory.dmp

Filesize
584KB

Download
memory/4684-4-0x0000000073230000-0x000000007391E000-memory.dmp

Filesize
6.9MB

Download
memory/4684-5-0x0000000005700000-0x000000000570A000-memory.dmp

Filesize
40KB

Download
memory/4684-6-0x0000000006020000-0x000000000623C000-memory.dmp

Filesize
2.1MB

Download
memory/4684-14-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-18-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-42-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-58-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-60-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-56-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-54-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-52-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-50-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-48-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-46-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-44-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-40-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-38-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-34-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-32-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-30-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-28-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-36-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-26-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-24-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-22-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-20-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-16-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-7-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-12-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-10-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-8-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-70-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-68-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-66-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-64-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-62-0x0000000006020000-0x0000000006235000-memory.dmp

Filesize
2.1MB

Download
memory/4684-4869-0x0000000073230000-0x000000007391E000-memory.dmp

Filesize
6.9MB

Download
memory/4684-4870-0x0000000006350000-0x00000000063AA000-memory.dmp

Filesize
360KB

Download
memory/4684-4871-0x00000000064D0000-0x000000000651C000-memory.dmp

Filesize
304KB

Download
memory/4684-4872-0x000000007323E000-0x000000007323F000-memory.dmp

Filesize
4KB

Download
memory/4684-4873-0x0000000073230000-0x000000007391E000-memory.dmp

Filesize
6.9MB

Download
memory/4684-4874-0x0000000004E60000-0x0000000004EB4000-memory.dmp

Filesize
336KB

Download
memory/4684-4880-0x0000000073230000-0x000000007391E000-memory.dmp

Filesize
6.9MB

Download