Analysis
-
max time kernel
119s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system -
submitted
28-07-2024 09:29
Behavioral task
behavioral1
Sample
windows.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
windows.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
windows.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral4
Sample
windows.exe
Resource
win11-20240709-en
General
-
Target
windows.exe
-
Size
913KB
-
MD5
4c30c907584baa7c1931a3a83ba69149
-
SHA1
09d3887d9895189a49930a61aea8c788b1ad1c0e
-
SHA256
afc180f84398fdf09969b61c538dd1b7d2259fba43b44a5ed00dac386df7a046
-
SHA512
1f581850f9722153d760f6a0f125b71aae3b87546c851a26674cc37ec76b13e39f8abc93a77e1d32fdfe906fa80945fbfb9774cb002dadd922b629879c9246cc
-
SSDEEP
24576:1Eqr4MROxnF25bYmfFhQ3rZlI0AilFEvxHil71B:1EjMiz3rZlI0AilFEvxHi
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes: windows.exe
description | pid | Process
Token: SeDebugPrivilege | 1528 | windows.exe
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes: windows.exe, csc.exe
description | pid | Process | procid_target
PID 1528 wrote to memory of 2512 | 1528 | windows.exe | 30
PID 1528 wrote to memory of 2512 | 1528 | windows.exe | 30
PID 1528 wrote to memory of 2512 | 1528 | windows.exe | 30
PID 2512 wrote to memory of 2104 | 2512 | csc.exe | 32
PID 2512 wrote to memory of 2104 | 2512 | csc.exe | 32
PID 2512 wrote to memory of 2104 | 2512 | csc.exe | 32
Processes
-
1⤵ C:\Users\Admin\AppData\Local\Temp\windows.exe
"C:\Users\Admin\AppData\Local\Temp\windows.exe"
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1528
-
2⤵ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\clulf18p.cmdline"
- Suspicious use of WriteProcessMemory
PID:2512
-
3⤵ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC62D.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCC61D.tmp"
PID:2104
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD5 46853dda553de3cac72ed91844a28ca1
SHA1 89ae9d3eea083f82bde9c60609589813e8cf08b0
SHA256 6bf46b476d1c7d2f215777111451bf6307f7ffe7494f4cb54f75667486deef10
SHA512 302d63f112027f72e97b58d7ce4f74be1eb10f43cbac6e12ec94219f9bce0448fb079e3618b33ac6848b8b21b201ea6c538c80999572cb4f4441e6fa32e152fc
-
Filesize
76KB
MD5 92bbbf137a2c89ded4685fcd8632aa8e
SHA1 66e250c3db94672e900be2619d004c4008f4f3b6
SHA256 f3306dae50d8549476b529e359f785e228b65ded38678314e3e6ced5a9e9e2a4
SHA512 e4927d2b02402aee6c10e29f99ccdc09600a2a40fbe08d75fb4323b05ffa16fa354f97cd5804304412b6f79b44d2127a6dbc33a04898ed0ca474ff655911595f
-
Filesize
676B
MD5 4f40196b36a8e976589f205cd73ce2d6
SHA1 2698bfff1b9b7fa7b5d7bb7548c88dba7a1871e1
SHA256 627cf699fac42e8de131f1dfb88033445188c4b66ebba570a9608f8d6dcb605b
SHA512 27093847ecccc3b0443b9a5ad0a40f1324a24b6d5efe3a703a873802024a959164449d41193cc1c61c8bdad09cbc03673bb77d7bcbad2bcfced370140bf65b39
-
Filesize
208KB
MD5 c555d9796194c1d9a1310a05a2264e08
SHA1 82641fc4938680519c3b2e925e05e1001cbd71d7
SHA256 ccbb8fd27ab2f27fbbd871793886ff52ff1fbd9117c98b8d190c1a96b67e498a
SHA512 0b85ca22878998c7697c589739905b218f9b264a32c8f99a9f9dd73d0687a5de46cc7e851697ee16424baf94d301e411648aa2d061ac149a6d2e06b085e07090
-
Filesize
349B
MD5 b75109cd3e3e4433a5a0da855a1cba00
SHA1 cad150d299e00e0c9178e256328ba9d7a5ee60da
SHA256 c3d632ac704d73228e54a7cb6f4ec31a9a85c1c407cb166c05e04b26c0b0cddc
SHA512 aec857318dc02ef18193b2285aa8467cc834c2f6f6857d7bc94c5f96c51919da21cb3bf1b217fc409c1a668cf3e01d3345042606cd37c162c51256ef1a0cefa9