Resubmissions

28-07-2024 09:32

240728-lh334stalh 10

28-07-2024 09:29

240728-lf31bsshnd 10

Analysis

  • max time kernel
    119s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-07-2024 09:29

General

  • Target

    windows.exe

  • Size

    913KB

  • MD5

    4c30c907584baa7c1931a3a83ba69149

  • SHA1

    09d3887d9895189a49930a61aea8c788b1ad1c0e

  • SHA256

    afc180f84398fdf09969b61c538dd1b7d2259fba43b44a5ed00dac386df7a046

  • SHA512

    1f581850f9722153d760f6a0f125b71aae3b87546c851a26674cc37ec76b13e39f8abc93a77e1d32fdfe906fa80945fbfb9774cb002dadd922b629879c9246cc

  • SSDEEP

    24576:1Eqr4MROxnF25bYmfFhQ3rZlI0AilFEvxHil71B:1EjMiz3rZlI0AilFEvxHi

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\windows.exe
    "C:\Users\Admin\AppData\Local\Temp\windows.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\clulf18p.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC62D.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCC61D.tmp"
        3⤵
        PID:2104

Network

MITRE ATT&CK Enterprise v15


Downloads

    • C:\Users\Admin\AppData\Local\Temp\CabDE40.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\RESC62D.tmp

      Filesize

      1KB

      MD5

      46853dda553de3cac72ed91844a28ca1

      SHA1

      89ae9d3eea083f82bde9c60609589813e8cf08b0

      SHA256

      6bf46b476d1c7d2f215777111451bf6307f7ffe7494f4cb54f75667486deef10

      SHA512

      302d63f112027f72e97b58d7ce4f74be1eb10f43cbac6e12ec94219f9bce0448fb079e3618b33ac6848b8b21b201ea6c538c80999572cb4f4441e6fa32e152fc

    • C:\Users\Admin\AppData\Local\Temp\clulf18p.dll

      Filesize

      76KB

      MD5

      92bbbf137a2c89ded4685fcd8632aa8e

      SHA1

      66e250c3db94672e900be2619d004c4008f4f3b6

      SHA256

      f3306dae50d8549476b529e359f785e228b65ded38678314e3e6ced5a9e9e2a4

      SHA512

      e4927d2b02402aee6c10e29f99ccdc09600a2a40fbe08d75fb4323b05ffa16fa354f97cd5804304412b6f79b44d2127a6dbc33a04898ed0ca474ff655911595f

    • \??\c:\Users\Admin\AppData\Local\Temp\CSCC61D.tmp

      Filesize

      676B

      MD5

      4f40196b36a8e976589f205cd73ce2d6

      SHA1

      2698bfff1b9b7fa7b5d7bb7548c88dba7a1871e1

      SHA256

      627cf699fac42e8de131f1dfb88033445188c4b66ebba570a9608f8d6dcb605b

      SHA512

      27093847ecccc3b0443b9a5ad0a40f1324a24b6d5efe3a703a873802024a959164449d41193cc1c61c8bdad09cbc03673bb77d7bcbad2bcfced370140bf65b39

    • \??\c:\Users\Admin\AppData\Local\Temp\clulf18p.0.cs

      Filesize

      208KB

      MD5

      c555d9796194c1d9a1310a05a2264e08

      SHA1

      82641fc4938680519c3b2e925e05e1001cbd71d7

      SHA256

      ccbb8fd27ab2f27fbbd871793886ff52ff1fbd9117c98b8d190c1a96b67e498a

      SHA512

      0b85ca22878998c7697c589739905b218f9b264a32c8f99a9f9dd73d0687a5de46cc7e851697ee16424baf94d301e411648aa2d061ac149a6d2e06b085e07090

    • \??\c:\Users\Admin\AppData\Local\Temp\clulf18p.cmdline

      Filesize

      349B

      MD5

      b75109cd3e3e4433a5a0da855a1cba00

      SHA1

      cad150d299e00e0c9178e256328ba9d7a5ee60da

      SHA256

      c3d632ac704d73228e54a7cb6f4ec31a9a85c1c407cb166c05e04b26c0b0cddc

      SHA512

      aec857318dc02ef18193b2285aa8467cc834c2f6f6857d7bc94c5f96c51919da21cb3bf1b217fc409c1a668cf3e01d3345042606cd37c162c51256ef1a0cefa9

    • memory/1528-29-0x000007FEF52B0000-0x000007FEF5C4D000-memory.dmp

      Filesize

      9.6MB

    • memory/1528-49-0x000007FEF52B0000-0x000007FEF5C4D000-memory.dmp

      Filesize

      9.6MB

    • memory/1528-4-0x000007FEF52B0000-0x000007FEF5C4D000-memory.dmp

      Filesize

      9.6MB

    • memory/1528-3-0x000007FEF52B0000-0x000007FEF5C4D000-memory.dmp

      Filesize

      9.6MB

    • memory/1528-22-0x0000000000310000-0x0000000000318000-memory.dmp

      Filesize

      32KB

    • memory/1528-19-0x0000000000790000-0x00000000007A6000-memory.dmp

      Filesize

      88KB

    • memory/1528-1-0x0000000000B30000-0x0000000000B8C000-memory.dmp

      Filesize

      368KB

    • memory/1528-24-0x000007FEF52B0000-0x000007FEF5C4D000-memory.dmp

      Filesize

      9.6MB

    • memory/1528-51-0x000007FEF52B0000-0x000007FEF5C4D000-memory.dmp

      Filesize

      9.6MB

    • memory/1528-50-0x000007FEF52B0000-0x000007FEF5C4D000-memory.dmp

      Filesize

      9.6MB

    • memory/1528-21-0x00000000002C0000-0x00000000002D2000-memory.dmp

      Filesize

      72KB

    • memory/1528-26-0x00000000002D0000-0x00000000002E8000-memory.dmp

      Filesize

      96KB

    • memory/1528-27-0x000007FEF52B0000-0x000007FEF5C4D000-memory.dmp

      Filesize

      9.6MB

    • memory/1528-28-0x0000000000DA0000-0x0000000000DB0000-memory.dmp

      Filesize

      64KB

    • memory/1528-0-0x000007FEF556E000-0x000007FEF556F000-memory.dmp

      Filesize

      4KB

    • memory/1528-2-0x0000000000290000-0x000000000029E000-memory.dmp

      Filesize

      56KB

    • memory/1528-48-0x000007FEF556E000-0x000007FEF556F000-memory.dmp

      Filesize

      4KB

    • memory/1528-23-0x0000000000580000-0x0000000000588000-memory.dmp

      Filesize

      32KB

    • memory/2512-10-0x000007FEF52B0000-0x000007FEF5C4D000-memory.dmp

      Filesize

      9.6MB

    • memory/2512-17-0x000007FEF52B0000-0x000007FEF5C4D000-memory.dmp

      Filesize

      9.6MB