7559e6ca8b77400f88bf4e67208a1c32570a670068eccae9e3d226cc5471bd47

Resubmissions

15-09-2024 22:00

240915-1wpj7svapc 10

15-09-2024 21:56

240915-1tbwbsthne 10

20-08-2024 13:49

240820-q4v2vayfmp 10

Analysis

max time kernel
96s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.exe
Size

16KB
MD5

fc8f4e31d85e796c1efe9b0fabeed23a
SHA1

e15233a69c32761d8ad0e293ce1ed2e1162d5647
SHA256

c35e3bdf0d1a7275e73f3c8c9fb57cf874ffa19ffafae649025b1e90cd07c096
SHA512

36e40d94711c82fb1669e3143d63833a3f7ad1b0ea8dae00287cbcdfd154135a3d7042702e4900193d0dcae94b0d03f7b6a9fb545e20c709fd4fb4a1cae95351
SSDEEP

384:sxF6Mj9VnRq2Rj9oM+bYO+4kr9oDPlMNcLlb5sVKdyS5Ct:sxF6Mj9V5bDclMNE9o

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1936	HEUR-Backdoor.MSIL.Revenge.exe
Token: 33	2464	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2464	AUDIODG.EXE
Token: 33	2464	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2464	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\bazaar.2020.02\HEUR-Backdoor.MSIL.Revenge.exe
"C:\Users\Admin\AppData\Local\Temp\bazaar.2020.02\HEUR-Backdoor.MSIL.Revenge.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1936

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2564

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4dc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

Filesize
363KB

MD5
f7bd4c92f82693d63ce09c049c4664ef

SHA1
409bbb90535a137cc92e5be52a102b028020a44e

SHA256
a646bdc1de6b5c07c24b51fc3274e80a72d9a83809350e54cf9ef54f4d2e16e7

SHA512
4adac5eaa574fe9a566d05660b51169b7d76ac60964a5b893d1dce450a9ae1731e35a08c72324896c2b56e25f2fd2b8533a45ccc05f311b15e3e79b403a69635

Download Submit
C:\vcredist2010_x64.log.html

Filesize
86KB

MD5
4765e329b71fbd2b87622db80cf205d5

SHA1
97536694941929f6e55dce48fea4683560eb7a50

SHA256
82aecca9a2d64ed5fd5c37a904e2852a88368530bcc5789186a1f6b09bb2887b

SHA512
fee9fc24a37ee941d32d708f4a339b76b08d4ab5386a05acd3d07ace6dd0389ed784c74bd05c100b378a0304bc27471f944d08cc75afa85b821238244757dc60

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

Filesize
378KB

MD5
947f735d4d0e3db1637ea8f2074b0374

SHA1
85715b9ee4c3f7627cd3d5d84522a12c4f7a600c

SHA256
c5ac091c1d6deb2adfe94932ad9d3a9992a5ca58ae764a5fe361e424a17c7925

SHA512
ace933ede851f4f6dddc2d81f2b760b471a788d6e064c4581abb8f12cd025175a9165712ee1a4cd326aeef7254a9a4149460990cd125b61b24914a7db98540d9

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
f840ddbeea06a9f8c7a952b9cc09b77c

SHA1
62507de59397bae6831213d8693057b495acf376

SHA256
a0901d7f688c09d44661bd101636f435818168894f412dec2c56017795e8cbe4

SHA512
4c52886f6427438cd185aaded7b51ae2cd1376242a2294ae69820176b6c683a05cc84d58a52c39de273a14062506bedc34c81175314ed7517bfc263c8e052982

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
165KB

MD5
e51530e65931247278acce1089a83c94

SHA1
4f9bdb1bda827d3275df8ac135c032f82729f083

SHA256
c1d0b8c9c35cd06695a9f413e41a870131228ef43252633799bb129de1a468ea

SHA512
4df28773a9fc5157200bfa5eeb271ea3161f64cc67c1167c4c6584b8e3f8e3b095408755aa9e9fdd6eb358ec18a61b10fe0b12e8148e8f795cab776f6da91933

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
193KB

MD5
2fd14ca4a49c216c508ef9da5dd5eeb3

SHA1
a0ec036109c5d2b1265cc770edf8f7fd05addf8c

SHA256
461e8dac9a7a898a964c3f932347985140c34150416fda71a68b4d7884614f36

SHA512
337bb79003661a7877428412af5465d68ffeac59e69fb0195d458bc42ca3b2773dfffcb23829a4a208b80bbe50d16b3ebbc5bc28dcdb860b3da4d1cb3fd83af1

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
168KB

MD5
f90b326a6e03e684570c11c9211fb2ba

SHA1
82cc9ac4ab38ee928d98d5e714b717189a2684ae

SHA256
65498e483784c2dd2390e897b7fa433a2d06580b2d115bc621e2826c61b6a812

SHA512
57ce985fa5177e49cfa2cb1a5752b0d17612cb45b93bdef6d1199eac451eb6ac589bf8e3666eb2763fd122fcd7e4dd83f9b3a21b118b54e2c1c63e86d79c21e3

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
206KB

MD5
8060b8e681e3fe5c59c3211a67bf504d

SHA1
5c778dc6afb02d19456ccc35f931aa672ffafb3e

SHA256
4f9dc67315c4a227d612c0e9c22c6ae0e7ad2be7564922e4c99f768134337778

SHA512
dbdc6a35462520af6e35399596e2bf03452def266838207caad075cd723a7463247ccf81d459afdc782cf0c5ce8962a4c6849c9e4dc5be5ff05d719077384a1f

Download Submit
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
167KB

MD5
353efa863e1825afd2aee8ff1b8c95c5

SHA1
e57b5e04789c7219643b43160dd646d3cd15aa9e

SHA256
1fd15d5031663fb3da4e045077c0b414c82aaaec853210e3f17da960f602dbda

SHA512
2993a92e1e68bd7b76a858285458de62e655888e522dac5c5f452f2b756e9add17bb112bc49387413f9995f2121e2d3d993b4050ccee57172e858ed347e339dd

Download Submit
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

Filesize
188KB

MD5
31b2b785d59838090f5717ed12168c1e

SHA1
a84a50d4b3596c553ffeafe22215e30ee1b60281

SHA256
b38a0fac51f0e4ff4593b29c19d752164237cd348e11a3687caa84eeda3acc0d

SHA512
39c8e6cbd10a8e21b6bd709a2fe7d431a01ace65bdbe43cfb959e9105cfa3bac34c0444cbf5eb45cbbf222abaf581cc501819378c9278935716669dc52489d59

Download Submit
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

Filesize
168KB

MD5
d432d322879926a144e311d7f4a9d500

SHA1
9562f579e898d2395a6188a8ae728e6ad4b89530

SHA256
9cc4aa4140ef5883fda6dd8401490e9fd6d036ed96038ccd20875ce18cc88c4a

SHA512
57f3e258875830600c7d3a07771950a9038347a367258bfc047116250026440e94d9e3814e133484d6cd8f94e9b951663eed961e1872967f076075cff0b60363

Download Submit
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

Filesize
196KB

MD5
791af2d228b8e8920124590365b5d517

SHA1
ef5f2a0fcdf7ae7bf606af810b1401d4a53e57b6

SHA256
545feb8b7b32c45a2e87bddcf79a6835203d03abbacaf84c3dfd41b136a74b02

SHA512
0ac8569086ce448c27b7e428261eaf692e82a98406263fc7e431a1bf9a4fdead5aa145722ec0e0706f374e23dc3af6cd59d203f13b281023988656c28a427770

Download Submit
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

Filesize
127KB

MD5
a0b2c3d3add6cd3ca03e8e15128009f4

SHA1
edbb20df2e787c6e1dc49593b8f08f9ce4db0271

SHA256
909968a60c9de4d1818cb10c89bc36132bf32e9d466be307f958c07256935364

SHA512
dcfde60c97359255c8206b58ab39f9faf296d078787a3f3212c7e3fcf79cda648c8e68ac09e14627099a539f3414e7a30375e34aa312abad0fb8bfac32e607d5

Download Submit
C:\vcredist2022_x86_001_vcRuntimeMinimum_x86.log

Filesize
121KB

MD5
e8fd8956ad36c48b470adcf80b3d9944

SHA1
ab298358dd4e9ac1414b7f16388b99aa55cbe6c2

SHA256
28fe6ccda169c36aa02ca2c8db562ce96266045cd53c0f97925fef1cf4e46675

SHA512
88b98716722cc957c952e017259b83dc64a262a9ad8f201f498244ca7fdd322a13487381c50474f755887d8621442ab24c4596c927bafd2322992679dc49f76c

Download Submit
C:\vcredist2022_x86_002_vcRuntimeAdditional_x86.log

Filesize
133KB

MD5
ece061bc65797b00ce0170d50d6da850

SHA1
bd2997b14a223eb2bd7ccae31ed35886043de432

SHA256
4dd5e297c2163caf0f231981ff89837b9e3ebca3245cd05966e7f6bd9f99c838

SHA512
e8637428e42fc8cb3c62aa8a21810c4d03b9b9bccbd5dea8fdd46ad1f076a0856aacf95068d7cb48925a81244f1165143cccdddae242a018c2b9b65c4fbacd1b

Download Submit
memory/1936-4-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/1936-1-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/1936-0-0x000007FEF5E1E000-0x000007FEF5E1F000-memory.dmp

Filesize
4KB

Download
memory/1936-2-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/1936-3-0x000007FEF5E1E000-0x000007FEF5E1F000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads