f81754160cc9967e5385b96e6834bc3c5f0c4483ab4e361992b59bbdf1144ab5

Analysis

max time kernel
146s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 08:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Install_x64.exe
Size

151.9MB
MD5

f8e71934ccbec56b6a38650212e94f84
SHA1

75605e4d3265d5eba75a33311864e371ca42fe64
SHA256

f81754160cc9967e5385b96e6834bc3c5f0c4483ab4e361992b59bbdf1144ab5
SHA512

d2fe5ccf1d4cd065a11b060800197542bf229f02659dda1f7f4b7061a7206f8a7721248d10f85383dbfa190b542a5897f1e80b1fc69378910a0ff92262d02fe0
SSDEEP

786432:Bt24SdkMhfqpHCOdRIeoxOTx9ylnEk2Fd7yLie63pk3lLwmYEDa:BtOdkMMi5w9qEn7S6S3zYz

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 3 IoCs

pid	Process
860	Install_x64.exe
860	Install_x64.exe
860	Install_x64.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1964	powershell.exe
1964	powershell.exe
1964	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	860	Install_x64.exe
Token: SeDebugPrivilege	1964	powershell.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 1964	860	Install_x64.exe	105
PID 860 wrote to memory of 1964	860	Install_x64.exe	105

C:\Users\Admin\AppData\Local\Temp\Install_x64.exe
"C:\Users\Admin\AppData\Local\Temp\Install_x64.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:860
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3828,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=3816 /prefetch:8
1⤵
PID:3444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.net\Install_x64\4nznmi4w.eny\D3DCompiler_47_cor3.dll

Filesize
4.7MB

MD5
a7349236212b0e5cec2978f2cfa49a1a

SHA1
5abb08949162fd1985b89ffad40aaf5fc769017e

SHA256
a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082

SHA512
c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Install_x64\4nznmi4w.eny\PresentationNative_cor3.dll

Filesize
1.2MB

MD5
e67dff697095b778ab6b76229c005811

SHA1
88a54a3e3ff2bf83a76bbf5df8a0e50bdb36bcdc

SHA256
e92b997f6f3a10b43d3fdc7743307228aa3b0a43430af60ccb06efa154d37e6a

SHA512
6f2a2bbbfa0464537fccb53d40239a294dca8fd477e79d70cd9f74079da48525a300675d3b0daae292432adbb9dd099fd4dc95b6fe2794f4c5f3a7e56e15ef51

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Install_x64\4nznmi4w.eny\wpfgfx_cor3.dll

Filesize
1.9MB

MD5
24ea1814e6701927b9c714e0a4c3c185

SHA1
95c27a6b1f5927e3021cb6f9d5ef5998b2c4560a

SHA256
d2ebedc0004d5e336c6092e417c11c051767c7dcbcb80303f3484fd805e084ae

SHA512
d6c2f32818970d989c834babeac1ce845e832b853ce1c0b3f7ecbfd41331b7d519461bcc0ef07fd35382f263b9e26ac47bb22f0370071913900fc40e3e2656f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rr4nxsoe.leh.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1964-13-0x00007FF9CC0E3000-0x00007FF9CC0E5000-memory.dmp

Filesize
8KB

Download
memory/1964-16-0x00000174AA870000-0x00000174AA892000-memory.dmp

Filesize
136KB

Download
memory/1964-24-0x00007FF9CC0E0000-0x00007FF9CCBA1000-memory.dmp

Filesize
10.8MB

Download
memory/1964-25-0x00007FF9CC0E0000-0x00007FF9CCBA1000-memory.dmp

Filesize
10.8MB

Download
memory/1964-26-0x00000174AAB30000-0x00000174AAB74000-memory.dmp

Filesize
272KB

Download
memory/1964-27-0x00000174AAF70000-0x00000174AAFE6000-memory.dmp

Filesize
472KB

Download
memory/1964-30-0x00007FF9CC0E0000-0x00007FF9CCBA1000-memory.dmp

Filesize
10.8MB

Download