6c641b4d5c5032270b712691c0b4fef9332601cfe2d7d6a07169fe410058f6ea | Triage

Resubmissions

09/08/2024, 00:46

240809-a4lkeaxcjd 1

06/08/2024, 17:35

240806-v56l7avfnr 1

01/08/2024, 21:24

240801-z89v8s1cjb 1

Analysis

max time kernel
584s
max time network
586s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 17:35

Sharing

Report Analysis Logs

General

Target

1.scr
Size

371KB
MD5

29b8d499c4ae98d7107a28477b01c5e4
SHA1

3efa32d32c4b7cc88120008c79c380c3a0c80933
SHA256

6c641b4d5c5032270b712691c0b4fef9332601cfe2d7d6a07169fe410058f6ea
SHA512

533d672b77801b1a1e65d19cc1b32caa93a67ee58ecffd61adb586369805fe973f534bd37b5406e16a68014da963224e4dee3ddea8d2205ce6332d7ee4d1a94f
SSDEEP

6144:aWJEs8PunzXNHsWBElFoZurwEGgKaebh4eV0ljQ95a0EJ6UA:aWJz86TNHsW6lKZP8yhvuQ5vEO

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4608	1.scr
4608	1.scr

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4608	1.scr
Token: SeImpersonatePrivilege	4608	1.scr
Token: SeTakeOwnershipPrivilege	4608	1.scr

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 804	4608	1.scr	10
PID 4608 wrote to memory of 804	4608	1.scr	10
PID 4608 wrote to memory of 804	4608	1.scr	10

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p
1⤵
PID:804

C:\Users\Admin\AppData\Local\Temp\1.scr
"C:\Users\Admin\AppData\Local\Temp\1.scr" /S
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/804-1-0x00007FFEFAED0000-0x00007FFEFAED2000-memory.dmp

Filesize
8KB

Download
memory/804-0-0x00007FFEFAF6C000-0x00007FFEFAF6E000-memory.dmp

Filesize
8KB

Download
memory/804-2-0x0000024D055A0000-0x0000024D055DC000-memory.dmp

Filesize
240KB

Download