Analysis Overview
SHA256
6be4dd9af27712f5ef6dc7d684e5ea07fa675b8cbed3094612a6696a40c664ce
Threat Level: Likely malicious
The file 6be4dd9af27712f5ef6dc7d684e5ea07fa675b8cbed3094612a6696a40c664ce.unknown was found to be: Likely malicious. The sample was submitted with a .unknown extension and detonated as a Microsoft Management Console file (.msc) opened by C:\Windows\system32\mmc.exe. In the Windows 10 run (behavioral2) mmc.exe downloaded a PE, wrote C:\Users\Public\Music\musicx.exe together with a musicx.exe.config and executed it; the Windows 7 run (behavioral1) ended after 16 seconds with no network activity and no dropped file. The AdjustPrivilegeToken, SetWindowsHookEx and Internet Explorer settings signatures are all attributed to mmc.exe itself, which is a GUI host process, and carry little weight on their own; the verdict rests on the download, the dropped executable under a user-writable directory and the mmc.exe to musicx.exe parent-child relationship.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 09:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 09:35
Reported
2024-08-25 09:37
Platform
win7-20240729-en
Max time kernel
16s
Max time network
17s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Processes
C:\Windows\system32\mmc.exe
C:\Windows\system32\mmc.exe "C:\Users\Admin\AppData\Local\Temp\6be4dd9af27712f5ef6dc7d684e5ea07fa675b8cbed3094612a6696a40c664ce.msc"
Network
Files
memory/1976-0-0x00000000028C0000-0x00000000028C1000-memory.dmp
memory/1976-5-0x00000000028C0000-0x00000000028C1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:35
Reported
2024-08-25 09:37
Platform
win10v2004-20240802-en
Max time kernel
132s
Max time network
123s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Public\Music\musicx.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Windows\system32\mmc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Windows\system32\mmc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Windows\system32\mmc.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1444 wrote to memory of 2052 | N/A | C:\Windows\system32\mmc.exe | C:\Users\Public\Music\musicx.exe |
| PID 1444 wrote to memory of 2052 | N/A | C:\Windows\system32\mmc.exe | C:\Users\Public\Music\musicx.exe |
Processes
C:\Windows\system32\mmc.exe
C:\Windows\system32\mmc.exe "C:\Users\Admin\AppData\Local\Temp\6be4dd9af27712f5ef6dc7d684e5ea07fa675b8cbed3094612a6696a40c664ce.msc"
C:\Users\Public\Music\musicx.exe
"C:\Users\Public\Music\musicx.exe"
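The process tree above (mmc.exe launched on a .msc in the user's Temp directory, then spawning a binary from C:\Users\Public\Music) is the chain a hunt should key on. The following is an added example, not part of the sandbox report: it applies two checks to Sysmon-style process-creation records (Event ID 1 field names Image, CommandLine, ParentImage, ParentCommandLine), flagging mmc.exe loading a console from a user-writable path and mmc.exe spawning a child whose image lives in one. The sample events are constructed to mirror the report's tree; only the paths and PIDs come from the report, and the console filename is shortened to sample.msc.

```python
"""Hunt for the mmc.exe -> dropped-EXE chain the behavioral2 run shows.

Added example, not part of the sandbox report. Sysmon Event ID 1 field
names are used; the events below are constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Directories a standard user can write to. Built-in consoles live under
# System32 / Program Files, so a .msc or a child binary under one of these
# paths is the suspicious part of the chain.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\|programdata\\|windows\\temp\\)", re.IGNORECASE
)
# A quoted .msc path (may contain spaces) or an unquoted one (no spaces).
MSC_ARG = re.compile(
    r'"([a-z]:\\[^"]+?\.msc)"|([a-z]:\\\S+?\.msc)\b', re.IGNORECASE
)


@dataclass
class ProcEvent:
    pid: int
    image: str
    command_line: str
    parent_pid: int
    parent_image: str
    parent_command_line: str


def msc_from_cmdline(cmdline: str) -> Optional[str]:
    """Return the .msc path handed to mmc.exe, or None if there is none."""
    m = MSC_ARG.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None


def is_user_writable(path: str) -> bool:
    return bool(USER_WRITABLE.match(path))


def _is_mmc(image: str) -> bool:
    return image.lower().endswith("\\mmc.exe")


def find_suspicious_chains(events: List[ProcEvent]) -> List[dict]:
    """Return one hit per event that matches either check."""
    hits = []
    for ev in events:
        # Check 1: mmc.exe itself loading a console from a user-writable path.
        if _is_mmc(ev.image):
            msc = msc_from_cmdline(ev.command_line)
            if msc and is_user_writable(msc):
                hits.append({"rule": "mmc_loaded_user_msc", "pid": ev.pid,
                             "image": ev.image, "detail": msc})
        # Check 2: mmc.exe spawning a binary that lives in a user-writable path.
        if _is_mmc(ev.parent_image) and is_user_writable(ev.image):
            hits.append({"rule": "mmc_spawned_user_binary", "pid": ev.pid,
                         "image": ev.image, "detail": ev.parent_command_line})
    return hits


# Constructed events: one benign console launch, then the report's chain.
SAMPLE_EVENTS = [
    ProcEvent(3011, r"C:\Windows\system32\mmc.exe",
              r"C:\Windows\system32\mmc.exe C:\Windows\system32\services.msc",
              1200, r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe"),
    ProcEvent(1444, r"C:\Windows\system32\mmc.exe",
              r'C:\Windows\system32\mmc.exe "C:\Users\Admin\AppData\Local\Temp\sample.msc"',
              900, r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe"),
    ProcEvent(2052, r"C:\Users\Public\Music\musicx.exe",
              r'"C:\Users\Public\Music\musicx.exe"',
              1444, r"C:\Windows\system32\mmc.exe",
              r'C:\Windows\system32\mmc.exe "C:\Users\Admin\AppData\Local\Temp\sample.msc"'),
]

if __name__ == "__main__":
    for hit in find_suspicious_chains(SAMPLE_EVENTS):
        print(f'{hit["rule"]}: pid={hit["pid"]} {hit["image"]} ({hit["detail"]})')
```

The first check fires in both detonations (the Windows 7 run never got as far as a download, but mmc.exe still loaded a console from Temp), so it is the earlier and more portable signal; the second check is what separates this sample from a user simply opening a stray .msc.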
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | proradead.s3.sa-east-1.amazonaws.com | udp |
| BR | 3.5.233.121:443 | proradead.s3.sa-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 121.233.5.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.216.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.67.204.143.in-addr.arpa | udp |
| SG | 152.42.226.161:80 | 152.42.226.161 | tcp |
| US | 8.8.8.8:53 | 161.226.42.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | speedshare.oss-cn-hongkong.aliyuncs.com | udp |
| HK | 47.79.64.205:443 | speedshare.oss-cn-hongkong.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.64.79.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
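Most rows in the table above are not sample activity: the in-addr.arpa entries are reverse lookups, the 8.8.8.8:53 rows are the resolution step for the TCP connections that follow them, and the bing.com/bing.net and OCSP traffic is environment and certificate-validation noise. The following is an added example, not part of the report, that applies those filters to the table and leaves the connections worth investigating as download or command-and-control infrastructure. Treating bing traffic as Windows background activity and ocsp.* as TLS revocation checking is an analyst heuristic, not something the sandbox states; the rows are copied from the table.

```python
"""Triage a sandbox network table into background traffic and candidate IOCs.

Added example, not part of the report. The row set is a subset of the
behavioral2 table above; the classification rules are analyst heuristics.
"""
from collections import OrderedDict
from typing import Dict, List

NETWORK_TABLE = """
| US | 8.8.8.8:53 | proradead.s3.sa-east-1.amazonaws.com | udp |
| BR | 3.5.233.121:443 | proradead.s3.sa-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m01.amazontrust.com | tcp |
| SG | 152.42.226.161:80 | 152.42.226.161 | tcp |
| US | 8.8.8.8:53 | speedshare.oss-cn-hongkong.aliyuncs.com | udp |
| HK | 47.79.64.205:443 | speedshare.oss-cn-hongkong.aliyuncs.com | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
"""

# Heuristic: Windows 10 background traffic from the Start menu / search.
BACKGROUND_SUFFIXES = (".bing.com", ".bing.net")


def parse_rows(table: str) -> List[Dict[str, object]]:
    """Parse '| Country | host:port | Domain | Proto |' rows into dicts."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        host, port = dest.rsplit(":", 1)
        rows.append({"country": country, "host": host, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def classify(row: Dict[str, object]) -> str:
    d = str(row["domain"]).lower()
    if d.endswith(".in-addr.arpa"):
        return "ptr-lookup"          # reverse lookups the OS performs on its own
    if row["port"] == 53 and row["proto"] == "udp":
        return "dns-query"           # resolution step; the TCP row carries the domain
    if d.endswith(BACKGROUND_SUFFIXES):
        return "os-background"
    if d.startswith("ocsp."):
        return "cert-validation"     # side effect of a TLS connection, not a payload host
    if d == row["host"]:
        return "candidate-ioc-bare-ip"   # connected with no DNS lookup at all
    return "candidate-ioc"


def candidate_iocs(table: str) -> "OrderedDict[str, str]":
    """Deduplicated host:port -> domain for rows the filters do not explain."""
    out: "OrderedDict[str, str]" = OrderedDict()
    for row in parse_rows(table):
        if classify(row).startswith("candidate-ioc"):
            out[f'{row["host"]}:{row["port"]}'] = str(row["domain"])
    return out


if __name__ == "__main__":
    for dest, domain in candidate_iocs(NETWORK_TABLE).items():
        print(f"{dest:<22} {domain}")
```

Three destinations survive: the amazonaws.com S3 bucket, the bare IP 152.42.226.161 on port 80 (reached without any preceding DNS query, which is itself worth noting), and the aliyuncs.com OSS bucket. The report does not say which of them served the PE, so all three belong on the IOC list until the capture is examined.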
Files
C:\Users\Public\Music\musicx.exe
| MD5 | 3597d9e93852fddb92e0a0cf0452bb61 |
| SHA1 | d25c62a57ac3000244741bda129f483f2347efa6 |
| SHA256 | 6e6cb0729cb902420739148ae23bf1c7959bc8ea2bf6b6277c5c0de45aa77df6 |
| SHA512 | 5af245a68516698f0bcb63829f1c3abe429a06e94755ab50a29f51914b39e4719a901d2174550b691d5b0fdf1e23ca921714a2c5b2739925ef902766e4ab10d0 |
C:\Users\Public\Music\musicx.exe.config
| MD5 | e6227dbf734df3563d5bbd3e23c7c6bc |
| SHA1 | 5b73b0559d1f6324dc7e6769d5c1431f69f82278 |
| SHA256 | 159d13989d0ae44fddb7b1d4c331f1040d187693f16daa138c651f2cc9b7f6d3 |
| SHA512 | 4b8338d5a8a904dc67775ced0e32b187ea9c9c925e6ffaa9d81f23a78b03e2fc7557d7c0078193f3b61117a93dfda40258f2f722b6f79bd47aff7116e81960ac |
memory/2052-31-0x00007FFFB4473000-0x00007FFFB4475000-memory.dmp