b50bbb4b93fd8ef7a2876b3743dfda6945e9011f406e71b41897244b0b836467

Analysis

max time kernel
124s
max time network
138s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10-08-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

109927ded1c6f8ce79192bc804efab8f52e6924d16476236eef82a1631349d91.exe
Size

1.7MB
MD5

5291819cffda955482db05ca0d125105
SHA1

56bdf44e4a0715a72b2a0c4a91008818079a75a2
SHA256

109927ded1c6f8ce79192bc804efab8f52e6924d16476236eef82a1631349d91
SHA512

aeb6454dd48e1aa2d983f8a0f9664e481f096899a094917e72e1b170d5a2b05a505ea3753c69529bda5a23ed1ac4bd2832fe1d7ff4794a43ca0ed4f5159ade68
SSDEEP

24576:x15wx9NIUJ3vND1SZeMmhUyzsDtZh4hZNvvjfxYIsoET5OKs8T0LA3wAZSPIn:FgNvXSZ2KvhCjxYboElOKs8hwhI

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	checkip.dyndns.org

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
4248	aspnet_compiler.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4348	109927ded1c6f8ce79192bc804efab8f52e6924d16476236eef82a1631349d91.exe
Token: SeDebugPrivilege	4348	109927ded1c6f8ce79192bc804efab8f52e6924d16476236eef82a1631349d91.exe
Token: SeDebugPrivilege	4248	aspnet_compiler.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4348 wrote to memory of 4248	4348	109927ded1c6f8ce79192bc804efab8f52e6924d16476236eef82a1631349d91.exe	74
PID 4348 wrote to memory of 4248	4348	109927ded1c6f8ce79192bc804efab8f52e6924d16476236eef82a1631349d91.exe	74
PID 4348 wrote to memory of 4248	4348	109927ded1c6f8ce79192bc804efab8f52e6924d16476236eef82a1631349d91.exe	74

C:\Users\Admin\AppData\Local\Temp\109927ded1c6f8ce79192bc804efab8f52e6924d16476236eef82a1631349d91.exe
"C:\Users\Admin\AppData\Local\Temp\109927ded1c6f8ce79192bc804efab8f52e6924d16476236eef82a1631349d91.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4348
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4248-1052-0x00000253432E0000-0x000002534332B000-memory.dmp

Filesize
300KB

Download
memory/4248-1053-0x00007FFE28E63000-0x00007FFE28E64000-memory.dmp

Filesize
4KB

Download
memory/4248-1054-0x0000025344FB0000-0x0000025344FF6000-memory.dmp

Filesize
280KB

Download
memory/4248-1055-0x00007FFE28E60000-0x00007FFE2984C000-memory.dmp

Filesize
9.9MB

Download
memory/4248-1056-0x00007FFE28E60000-0x00007FFE2984C000-memory.dmp

Filesize
9.9MB

Download
memory/4248-1060-0x00007FFE28E60000-0x00007FFE2984C000-memory.dmp

Filesize
9.9MB

Download
memory/4248-1057-0x00007FFE28E60000-0x00007FFE2984C000-memory.dmp

Filesize
9.9MB

Download
memory/4348-36-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-28-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-4-0x00000232CC3E0000-0x00000232CC4FE000-memory.dmp

Filesize
1.1MB

Download
memory/4348-16-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-54-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-68-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-66-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-64-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-62-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-60-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-58-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-56-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-52-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-50-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-46-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-44-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-42-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-40-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-39-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-2-0x00000232CC1E0000-0x00000232CC2FC000-memory.dmp

Filesize
1.1MB

Download
memory/4348-34-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-32-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-30-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-3-0x00007FFE28E60000-0x00007FFE2984C000-memory.dmp

Filesize
9.9MB

Download
memory/4348-26-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-24-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-22-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-20-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-18-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-14-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-48-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-12-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-10-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-8-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-6-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-5-0x00000232CC3E0000-0x00000232CC4F8000-memory.dmp

Filesize
1.1MB

Download
memory/4348-1041-0x00007FFE28E60000-0x00007FFE2984C000-memory.dmp

Filesize
9.9MB

Download
memory/4348-1042-0x00000232CC300000-0x00000232CC39E000-memory.dmp

Filesize
632KB

Download
memory/4348-1043-0x00000232B2100000-0x00000232B214C000-memory.dmp

Filesize
304KB

Download
memory/4348-1-0x00000232B1AE0000-0x00000232B1C98000-memory.dmp

Filesize
1.7MB

Download
memory/4348-0-0x00007FFE28E63000-0x00007FFE28E64000-memory.dmp

Filesize
4KB

Download
memory/4348-1044-0x00007FFE28E63000-0x00007FFE28E64000-memory.dmp

Filesize
4KB

Download
memory/4348-1045-0x00007FFE28E60000-0x00007FFE2984C000-memory.dmp

Filesize
9.9MB

Download
memory/4348-1047-0x00000232B2170000-0x00000232B21C4000-memory.dmp

Filesize
336KB

Download
memory/4348-1048-0x00007FFE28E60000-0x00007FFE2984C000-memory.dmp

Filesize
9.9MB

Download
memory/4348-1051-0x00007FFE28E60000-0x00007FFE2984C000-memory.dmp

Filesize
9.9MB

Download