f81754160cc9967e5385b96e6834bc3c5f0c4483ab4e361992b59bbdf1144ab5

General

Target

Install_x64.exe
Size

151.9MB
MD5

f8e71934ccbec56b6a38650212e94f84
SHA1

75605e4d3265d5eba75a33311864e371ca42fe64
SHA256

f81754160cc9967e5385b96e6834bc3c5f0c4483ab4e361992b59bbdf1144ab5
SHA512

d2fe5ccf1d4cd065a11b060800197542bf229f02659dda1f7f4b7061a7206f8a7721248d10f85383dbfa190b542a5897f1e80b1fc69378910a0ff92262d02fe0
SSDEEP

786432:Bt24SdkMhfqpHCOdRIeoxOTx9ylnEk2Fd7yLie63pk3lLwmYEDa:BtOdkMMi5w9qEn7S6S3zYz

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
668	Install_x64.exe
668	Install_x64.exe
668	Install_x64.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3012	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	668	Install_x64.exe
Token: SeDebugPrivilege	3012	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 668 wrote to memory of 3012	668	Install_x64.exe	30
PID 668 wrote to memory of 3012	668	Install_x64.exe	30
PID 668 wrote to memory of 3012	668	Install_x64.exe	30

C:\Users\Admin\AppData\Local\Temp\Install_x64.exe
"C:\Users\Admin\AppData\Local\Temp\Install_x64.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:668
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\.net\Install_x64\4nznmi4w.eny\D3DCompiler_47_cor3.dll

Filesize
4.7MB

MD5
a7349236212b0e5cec2978f2cfa49a1a

SHA1
5abb08949162fd1985b89ffad40aaf5fc769017e

SHA256
a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082

SHA512
c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02

Download Submit
\Users\Admin\AppData\Local\Temp\.net\Install_x64\4nznmi4w.eny\PresentationNative_cor3.dll

Filesize
1.2MB

MD5
e67dff697095b778ab6b76229c005811

SHA1
88a54a3e3ff2bf83a76bbf5df8a0e50bdb36bcdc

SHA256
e92b997f6f3a10b43d3fdc7743307228aa3b0a43430af60ccb06efa154d37e6a

SHA512
6f2a2bbbfa0464537fccb53d40239a294dca8fd477e79d70cd9f74079da48525a300675d3b0daae292432adbb9dd099fd4dc95b6fe2794f4c5f3a7e56e15ef51

Download Submit
\Users\Admin\AppData\Local\Temp\.net\Install_x64\4nznmi4w.eny\wpfgfx_cor3.dll

Filesize
1.9MB

MD5
24ea1814e6701927b9c714e0a4c3c185

SHA1
95c27a6b1f5927e3021cb6f9d5ef5998b2c4560a

SHA256
d2ebedc0004d5e336c6092e417c11c051767c7dcbcb80303f3484fd805e084ae

SHA512
d6c2f32818970d989c834babeac1ce845e832b853ce1c0b3f7ecbfd41331b7d519461bcc0ef07fd35382f263b9e26ac47bb22f0370071913900fc40e3e2656f2

Download Submit
memory/668-30-0x0000000006B70000-0x0000000006D60000-memory.dmp

Filesize
1.9MB

Download
memory/668-17-0x0000000002020000-0x0000000002180000-memory.dmp

Filesize
1.4MB

Download
memory/668-21-0x0000000140495000-0x0000000140496000-memory.dmp

Filesize
4KB

Download
memory/668-42-0x0000000007970000-0x00000000081B0000-memory.dmp

Filesize
8.2MB

Download
memory/668-70-0x00000000081F0000-0x0000000008220000-memory.dmp

Filesize
192KB

Download
memory/668-66-0x00000000068D0000-0x00000000068F0000-memory.dmp

Filesize
128KB

Download
memory/668-62-0x0000000006880000-0x00000000068A0000-memory.dmp

Filesize
128KB

Download
memory/668-58-0x00000000042C0000-0x00000000042E0000-memory.dmp

Filesize
128KB

Download
memory/668-54-0x0000000002420000-0x0000000002430000-memory.dmp

Filesize
64KB

Download
memory/668-50-0x0000000002380000-0x0000000002390000-memory.dmp

Filesize
64KB

Download
memory/668-46-0x00000000067D0000-0x0000000006850000-memory.dmp

Filesize
512KB

Download
memory/668-38-0x00000000027B0000-0x00000000027F0000-memory.dmp

Filesize
256KB

Download
memory/668-34-0x0000000003FC0000-0x0000000004010000-memory.dmp

Filesize
320KB

Download
memory/668-6-0x00000000034A0000-0x0000000003FC0000-memory.dmp

Filesize
11.1MB

Download
memory/668-13-0x00000000065A0000-0x00000000067D0000-memory.dmp

Filesize
2.2MB

Download
memory/668-26-0x0000000001E70000-0x0000000001E90000-memory.dmp

Filesize
128KB

Download
memory/668-159-0x000000000A3C0000-0x000000000A3CA000-memory.dmp

Filesize
40KB

Download
memory/668-9-0x00000000053E0000-0x0000000006360000-memory.dmp

Filesize
15.5MB

Download
memory/668-22-0x00000000006D0000-0x0000000000710000-memory.dmp

Filesize
256KB

Download
memory/668-158-0x000000000A3C0000-0x000000000A3CA000-memory.dmp

Filesize
40KB

Download
memory/668-197-0x000000000A3C0000-0x000000000A3CA000-memory.dmp

Filesize
40KB

Download
memory/668-196-0x000000000A3C0000-0x000000000A3CA000-memory.dmp

Filesize
40KB

Download
memory/3012-202-0x000007FEF4F8E000-0x000007FEF4F8F000-memory.dmp

Filesize
4KB

Download
memory/3012-203-0x000000001B630000-0x000000001B912000-memory.dmp

Filesize
2.9MB

Download
memory/3012-204-0x00000000022D0000-0x00000000022D8000-memory.dmp

Filesize
32KB

Download
memory/3012-205-0x000007FEF4CD0000-0x000007FEF566D000-memory.dmp

Filesize
9.6MB

Download
memory/3012-207-0x000007FEF4CD0000-0x000007FEF566D000-memory.dmp

Filesize
9.6MB

Download
memory/3012-206-0x000007FEF4CD0000-0x000007FEF566D000-memory.dmp

Filesize
9.6MB

Download
memory/3012-208-0x000007FEF4CD0000-0x000007FEF566D000-memory.dmp

Filesize
9.6MB

Download
memory/3012-209-0x000007FEF4CD0000-0x000007FEF566D000-memory.dmp

Filesize
9.6MB

Download
memory/3012-210-0x000007FEF4F8E000-0x000007FEF4F8F000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads