6c641b4d5c5032270b712691c0b4fef9332601cfe2d7d6a07169fe410058f6ea | Triage

Resubmissions

09-08-2024 00:46

240809-a4lkeaxcjd 1

06-08-2024 17:35

240806-v56l7avfnr 1

01-08-2024 21:24

240801-z89v8s1cjb 1

Analysis

max time kernel
288s
max time network
291s
platform
windows10-2004_x64
resource
win10v2004-20240802-de
resource tags

arch:x64arch:x86image:win10v2004-20240802-delocale:de-deos:windows10-2004-x64systemwindows
submitted
09-08-2024 00:46

Sharing

Report Analysis Logs

General

Target

1.scr
Size

371KB
MD5

29b8d499c4ae98d7107a28477b01c5e4
SHA1

3efa32d32c4b7cc88120008c79c380c3a0c80933
SHA256

6c641b4d5c5032270b712691c0b4fef9332601cfe2d7d6a07169fe410058f6ea
SHA512

533d672b77801b1a1e65d19cc1b32caa93a67ee58ecffd61adb586369805fe973f534bd37b5406e16a68014da963224e4dee3ddea8d2205ce6332d7ee4d1a94f
SSDEEP

6144:aWJEs8PunzXNHsWBElFoZurwEGgKaebh4eV0ljQ95a0EJ6UA:aWJz86TNHsW6lKZP8yhvuQ5vEO

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1764	1.scr
1764	1.scr

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1764	1.scr
Token: SeImpersonatePrivilege	1764	1.scr
Token: SeTakeOwnershipPrivilege	1764	1.scr

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 804	1764	1.scr	10
PID 1764 wrote to memory of 804	1764	1.scr	10
PID 1764 wrote to memory of 804	1764	1.scr	10

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p
1⤵
PID:804

C:\Users\Admin\AppData\Local\Temp\1.scr
"C:\Users\Admin\AppData\Local\Temp\1.scr" /S
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/804-0-0x00007FFA4190C000-0x00007FFA4190E000-memory.dmp

Filesize
8KB

Download
memory/804-1-0x00007FFA41870000-0x00007FFA41872000-memory.dmp

Filesize
8KB

Download
memory/804-2-0x0000012E8EC80000-0x0000012E8ECBC000-memory.dmp

Filesize
240KB

Download