Overview
overview
4Static
static
3klist.exe
windows10-2004-x64
1ksetup.exe
windows10-2004-x64
1ktmutil.exe
windows10-2004-x64
1la57setup.exe
windows10-2004-x64
1label.exe
windows10-2004-x64
1licensingdiag.exe
windows10-2004-x64
3lodctr.exe
windows10-2004-x64
1logagent.exe
windows10-2004-x64
1logman.exe
windows10-2004-x64
1lpkinstall.exe
windows10-2004-x64
1lpksetup.exe
windows10-2004-x64
1lpremove.exe
windows10-2004-x64
1lsass.exe
windows10-2004-x64
1makecab.exe
windows10-2004-x64
1manage-bde.exe
windows10-2004-x64
1mblctr.exe
windows10-2004-x64
1mcbuilder.exe
windows10-2004-x64
4mfpmp.exe
windows10-2004-x64
1mmc.exe
windows10-2004-x64
1mmgaserver.exe
windows10-2004-x64
1mobsync.exe
windows10-2004-x64
3mountvol.exe
windows10-2004-x64
1mpnotify.exe
windows10-2004-x64
1msconfig.exe
windows10-2004-x64
1msdt.exe
windows10-2004-x64
1msdtc.exe
windows10-2004-x64
1msfeedssync.exe
windows10-2004-x64
1mshta.exe
windows10-2004-x64
1msiexec.exe
windows10-2004-x64
1msinfo32.exe
windows10-2004-x64
1msra.exe
windows10-2004-x64
1mtstocom.exe
windows10-2004-x64
1Resubmissions
23/08/2024, 16:00
240823-tf47dsteqe 623/08/2024, 15:32
240823-sy293sseld 423/08/2024, 15:18
240823-sp1d5athqk 823/08/2024, 14:12
240823-rjcv7sydnd 723/08/2024, 02:33
240823-c17dta1cpd 723/08/2024, 02:11
240823-cmbpzszelg 423/08/2024, 02:00
240823-ce59mazbnh 423/08/2024, 01:37
240823-b1992a1dmm 523/08/2024, 01:24
240823-bsm5jazhpp 523/08/2024, 00:51
240823-a7p21awhld 6Analysis
-
max time kernel
143s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
23/08/2024, 02:11
Static task
static1
Behavioral task
behavioral1
Sample
klist.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
ksetup.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
ktmutil.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
la57setup.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
label.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
licensingdiag.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
lodctr.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
logagent.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
logman.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
lpkinstall.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
lpksetup.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
lpremove.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
lsass.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
makecab.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
manage-bde.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
mblctr.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
mcbuilder.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
mfpmp.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
mmc.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
mmgaserver.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
mobsync.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
mountvol.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
mpnotify.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
msconfig.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
msdt.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
msdtc.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
msfeedssync.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
mshta.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
msiexec.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
msinfo32.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
msra.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
mtstocom.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
mcbuilder.exe
-
Size
124KB
-
MD5
fa8d521aeb4c13fcd84b564b14257f34
-
SHA1
3c57c173472b69e11c21de0dba7e2ce43595dddb
-
SHA256
4280c675c4c1da4f0ffe4b313b3c5d47dd0c54bfb98d324695c479370e5c015d
-
SHA512
8abd18c0dfe6f83427266a7da51f44b26c3d915db6bf067e6fff55966a504928592fe5bd92e62d876c096f10a213406dc53c5a70239afa20b7eb759abb1c50e6
-
SSDEEP
3072:nsEdVfAl5BNPDEPNHRVVN8IGje/42/5RJZ:njAl5BNAPNHTVNe2hR
Malware Config
Signatures
-
Drops file in Windows directory 44 IoCs
description ioc Process File created C:\Windows\rescache\_merged\1945310375\1579783404.pri mcbuilder.exe File created C:\Windows\rescache\_merged\2928961003\233451780.pri mcbuilder.exe File created C:\Windows\rescache\_merged\4278325366\1751300353.pri mcbuilder.exe File created C:\Windows\rescache\_merged\2137598169\763663515.pri mcbuilder.exe File created C:\Windows\rescache\_merged\3246022523\1310907840.pri mcbuilder.exe File created C:\Windows\rescache\_merged\2899339121\3283816118.pri mcbuilder.exe File created C:\Windows\rescache\_merged\1691975690\313511989.pri mcbuilder.exe File created C:\Windows\rescache\_merged\1008669510\2568033634.pri mcbuilder.exe File created C:\Windows\rescache\_merged\3252231599\4004208252.pri mcbuilder.exe File created C:\Windows\rescache\_merged\3977956527\1329286067.pri mcbuilder.exe File created C:\Windows\rescache\_merged\92721896\2627456821.pri mcbuilder.exe File created C:\Windows\rescache\_merged\2360802049\2582110779.pri mcbuilder.exe File created C:\Windows\rescache\_merged\3937681233\489081570.pri mcbuilder.exe File created C:\Windows\rescache\_merged\1102129660\1035418116.pri mcbuilder.exe File created C:\Windows\rescache\_merged\2263554406\1252897778.pri mcbuilder.exe File created C:\Windows\rescache\_merged\942976607\1801797217.pri mcbuilder.exe File created C:\Windows\rescache\_merged\2965031256\994543616.pri mcbuilder.exe File created C:\Windows\rescache\_merged\242531539\1214306450.pri mcbuilder.exe File created C:\Windows\rescache\_merged\1045417640\2472273293.pri mcbuilder.exe File created C:\Windows\rescache\_merged\2285375612\726260609.pri mcbuilder.exe File created C:\Windows\rescache\_merged\2229298842\349655694.pri mcbuilder.exe File created C:\Windows\rescache\_merged\1649057605\3074285887.pri mcbuilder.exe File created C:\Windows\rescache\_merged\431186354\3370782863.pri mcbuilder.exe File created C:\Windows\rescache\_merged\2530935351\13361309.pri mcbuilder.exe File created C:\Windows\rescache\_merged\2879188601\2015277770.pri mcbuilder.exe File created C:\Windows\rescache\_merged\2181205234\3574808305.pri mcbuilder.exe File created C:\Windows\rescache\_merged\1712550052\3873746757.pri mcbuilder.exe File created C:\Windows\rescache\_merged\205257784\3992874013.pri mcbuilder.exe File created C:\Windows\rescache\_merged\1910676589\2458961941.pri mcbuilder.exe File created C:\Windows\rescache\_merged\3200614358\1742986345.pri mcbuilder.exe File created C:\Windows\rescache\_merged\64831148\2462955770.pri mcbuilder.exe File created C:\Windows\rescache\_merged\3970336390\3788409035.pri mcbuilder.exe File created C:\Windows\rescache\_merged\3031988681\3138256020.pri mcbuilder.exe File created C:\Windows\rescache\_merged\3214612860\82619076.pri mcbuilder.exe File created C:\Windows\rescache\_merged\3983011459\3528621245.pri mcbuilder.exe File created C:\Windows\rescache\_merged\1936697710\624618829.pri mcbuilder.exe File created C:\Windows\rescache\_merged\2782477206\1872229385.pri mcbuilder.exe File created C:\Windows\rescache\_merged\482193516\2123952692.pri mcbuilder.exe File created C:\Windows\rescache\_merged\1902349548\1359334081.pri mcbuilder.exe File created C:\Windows\rescache\_merged\899128513\3586512575.pri mcbuilder.exe File created C:\Windows\rescache\_merged\2939201637\2488733036.pri mcbuilder.exe File created C:\Windows\rescache\_merged\4245263321\894224913.pri mcbuilder.exe File created C:\Windows\rescache\_merged\3479232320\2318993755.pri mcbuilder.exe File created C:\Windows\rescache\_merged\3628602599\3564717247.pri mcbuilder.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeSecurityPrivilege 1924 mcbuilder.exe