e6ea32ab127a3bf918dd0a835493f41ecce3e79b1ffe26eaf6ecbc54e9f729ae

Resubmissions

24/08/2024, 18:48

240824-xfrg3stdpe 10

24/08/2024, 18:46

24/08/2024, 18:45

24/08/2024, 18:43

24/08/2024, 18:22

Analysis

max time kernel
93s
max time network
97s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 18:43

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Progressbar95.exe
Size

318KB
MD5

90a29d6c9ec40f356cbc1a54c574bb00
SHA1

d2e073320e7097ab330a821f187ab7e159850410
SHA256

e6ea32ab127a3bf918dd0a835493f41ecce3e79b1ffe26eaf6ecbc54e9f729ae
SHA512

454ca7b8694b75b39ece13779161e34602e47f3f776e8d17b3fbf2deec8655b999eaea9b03fdffdefa591454e781ddf1ebd639b5d4370e6abcb8d8c00cc68010
SSDEEP

3072:Elfjw1DAtBXYxjJN2P+tmxfZe+HJQ9cGp2ivMwXVPmSA+8J4Ah83wEyLAt:E1Ftix9oPWmxJi/2ivxXVvA+8J63KLA

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	audit.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	audit.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	audit.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	audit.exe
File opened for modification	C:\Windows\Setup\State\State.ini	audit.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: 33	2704	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2704	AUDIODG.EXE
Token: 33	2704	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2704	AUDIODG.EXE
Token: SeShutdownPrivilege	1920	audit.exe

C:\Users\Admin\AppData\Local\Temp\Progressbar95.exe
"C:\Users\Admin\AppData\Local\Temp\Progressbar95.exe"
1⤵
PID:1900

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2248

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2704

C:\Windows\System32\oobe\audit.exe
"C:\Windows\System32\oobe\audit.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1920

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:588

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

Filesize
362KB

MD5
b6a17778d12e4812ccdcd64472bb9eda

SHA1
935bf0add8e3d4294a5199e5f896a878efc39725

SHA256
e96ec06ef47c3acfa051d88cb7fe9dcd6129299089d291d8821bf528d5a9c52c

SHA512
c61f91de29625f1c2848f604edfd99507eb6a627be16d66b94175d047f4ab2ed0c027216c1c2084efb6afa61f353c58b4b2d5707e06a116825efad34f5a90d26

Download Submit
C:\vcredist2010_x64.log.html

Filesize
85KB

MD5
61966c997599081834cb8c8ff115a0e6

SHA1
99e1261a507f23dc672635991929654130ae6674

SHA256
b5f5f9e1786bf90a4fa78e5fa72d71e9961f832b515970a1dc859ee0b3431bf1

SHA512
6af959101d738ec5912f94e9f458c70bd55e772e473f7062cc49bbfaeabda6b4ec45771dd14e21f60036e978a4953bac3056a615c5caad4ba456fe2ea5c261ba

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

Filesize
379KB

MD5
0e0b2d47be71455367dc681ad5f1ec16

SHA1
5bc5ededc8a59771b11cd201d9666d54675af985

SHA256
ff5d45264ba804681b8f88c713b5b270d17f00fe9745f5a671c19258574dc9e0

SHA512
b36ab2bb1b37a5350ad024285c90a4c1803bebcb2cd2a60ad219635372b067931cc16afdacd00a8d8589da505715508d77d9b2c762d7926b753a44e28158d869

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
b77e22931170512df95e07d0d23182cd

SHA1
4bfa11228e309eef1a7847efef3c3d3c9a0e724f

SHA256
41c3bd8475987becabae2f2eef8eed9392864d20cc9d478f0dbb4a6c91968b95

SHA512
5a59a0a67fc6adf7e9160af16980186400ce6b3020d92ec166b169166928f47d1aae4c56c0571ff11109a82a2af07c324e2af3908b279116529402257f5e86d6

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
165KB

MD5
aeb310fd04165d8fd604e6418d93d934

SHA1
b62e9f08231b5d7350a16cc3bf18eb78143caf70

SHA256
4648f24fc6db9682aefd43200ac13cc6bd3a0b77aadaed629a04b0f656f82c2f

SHA512
0b9f3212856f918fd5178ca228890079678ea2aff30513e064dfd6cb513311c110e5edc6bd6815a57ae332fe32ea0b45142add2383ac328fdefc0828f8e0a214

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
193KB

MD5
ac2c6ec3d3fd5354c2460d4476517de5

SHA1
c506a549a7595817f6accb82094d31ebce0eafef

SHA256
2ab12126c52bdd9826be0b66f2827ec214dd7ccfff835df6ac6305b806b66736

SHA512
f2b8e048c6028ba72cb7f7f3f442bcdc1ffa9a0c5bc1dbb07b693e532c6aae75ac1bdbf8c216feedc05fc0a8fac40d720bd1eb9ba84fe71333e678901113eb81

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
168KB

MD5
933b5fb778bb2c8c626ced39b61338b6

SHA1
142dae48d84dbeb3e4792d5b6625dcd05df4a8ac

SHA256
611bb55a542ce827d2df8cce94bb6c183ee7c982b919015ea8bd91dfd62c6ff7

SHA512
cadae8863d37e930e70afad72f18f376e0b2d8da1e345a60f221da1e72da168588b6d10df9eabf45e4dec2fb6dfa1713037341becae5b8bc43568cf1c33d5a4e

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
206KB

MD5
0bc59a119c20e6807eeae0019faebcfc

SHA1
053339c002a21ceeec7ab4871a6f4a4d5ccf9940

SHA256
1ca38ae5f4f7049e1f0da4cddf6abd9597972f7250d3241a83a787d5dadea988

SHA512
415a2e2280cbd507de8b2fd73c9d4ed4d3263a1e3618edda0c15634613c9159bb21f8d316ea34f669509ccda6a26984f5a933539f34d6e61ae34d4d683d94b08

Download Submit
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
167KB

MD5
c672a76529645a3868621cd58ce1e82b

SHA1
a9971c7a41bc4757e9cd37385e7faebe32347781

SHA256
84c72bc34dd806ecff6fe385bc6e8c8ce9c2000764e5d7acab1e50fa148e4a36

SHA512
27ba0d65ef369a0f2c46dd8a3d39f69b9f63892303d5e0bf43971037adee933f96ba974b7800f923baa96840aeb44d8da1b2252d3863c85cb31d487f98acdee8

Download Submit
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

Filesize
188KB

MD5
1e3231df34ed51632914eb3182e5c66d

SHA1
34f967963e33cfac99e9d0f7fe8530fee1c8edad

SHA256
e515865dbd1fad40eb90b6d0f1a6ddb471a813dfac7f83ee8e034d67ce8e0dc0

SHA512
cfefed61c410bb98b6e210a876a64edb3d8fa5f066386ada30e1f20baf8f3580e633a6d0d471d60353fd9a7584b43688a1e6bd58d1ae6661abf1335cd6a09874

Download Submit
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

Filesize
168KB

MD5
346decdf73cdbf8307369265faa71cae

SHA1
6e378c437381c9b681615c8f05b448a37dcbfd5a

SHA256
4dacaa813286cd1072f87d7af59cde10fbadde0f009c011df04c0b4946b30761

SHA512
adf679dd03e015e6458798397ddc7bf59b65792985f9d1e777d6fc75fa056121c9e7d0fed6f7b8a21ba6c3970b10cdbc873a2164472bb27d441c975c18699f7c

Download Submit
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

Filesize
196KB

MD5
2d8c87e700bc648e7554cc8922bc9226

SHA1
4dba85efc77fb72171da84b535d49a61fe741472

SHA256
c55c42ee87594d6fc1451767f9193f83df58f3a20f92c751bb88f3a607053397

SHA512
0bffd34265e791b0d8008229e6e4aac0c8bdd625c8abea7b38602446d7427236b87adb2abeb230ba82d6471aa54ee202ea171a2d6d5463e0c333ec7e34a9ab78

Download Submit
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

Filesize
120KB

MD5
9eb52db32968176b5e7b4ad0c8936d5f

SHA1
59a5142e247912d0d9db21a14c8d26101bc0ff16

SHA256
9cf2dfcccb3ff8caa58b6ac1f09d72d1f4fa91f3a3b329ea211765a33f587f4b

SHA512
857379eef3dbbebda4ba806d1f46aa5521220cab7549edc51b47619664997dee8d9fac374de34230402c5cf8e743550bb3a06fbdcdb3b868b70efe9fa7042cab

Download Submit
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

Filesize
127KB

MD5
1244dda1d9eca14c48a043f6fa751d15

SHA1
51d36daee3f6d7bf5518bb8f6c8f8d000e881547

SHA256
bdff52844e9c6b711d4fe6eb584e59049ccf4f552c42c8a92bb7835a78ea3b05

SHA512
809d3b9f0381287da563754874d9f0ed34abe8bed30902d6f415001381450f9c117c6d315db08d80f1fd1a8b8a985adaae4c26d3758359da2dfaa213c5ce88b2

Download Submit
C:\vcredist2022_x86_001_vcRuntimeMinimum_x86.log

Filesize
121KB

MD5
5509277cb9c9e794476f7d2028106dea

SHA1
453d558de7c44be9cf1a86042df71c18e7dbc779

SHA256
baa893c1f96fb43759475e40718b08053fa211b89d85b385a5b5642fdf2fbfd6

SHA512
fe713840b1b618e1a8b450849ee8cd214ca3d98dd567418b9a1c874a5406c991c693a128c8743ed67fd9b80a838daedfde85f67cd4a21e1e9029a606b177174e

Download Submit
C:\vcredist2022_x86_002_vcRuntimeAdditional_x86.log

Filesize
133KB

MD5
44b76dadb4e03faf3363600d5b5fc81e

SHA1
c5c07afd06a0589cc94c2ef0e743109066d0e053

SHA256
9162b452c0197a2dcfc0fc97cb786d222d33009cc02e94706d8530a56c5491bc

SHA512
c213991cdfa74b6a03b4fe72e2fd889a784c7eda4e88fd2bf093831c7725f4a910a2de43ed68dc596c0e526218fdaf854af43fa55556bccf05f2e3ec3c69c883

Download Submit