70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 01:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe
Size

978KB
MD5

6d9f3a386490c69c6d6a49a5d1b756a5
SHA1

7c49c3a73e94674c803381cfd199e4f6bd9c7d60
SHA256

70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419
SHA512

2310deb2d92b94321fa4dd0aebe0c91bf93cb3915c74d6a3ee6b42bf7fa2846ba0f9e0cb70e60924fbcd073244c85e20bf9058c159cfd7a675f9481f59dd935a
SSDEEP

24576:HZGtMXDHVI7ZsW2oXWWIAi0+NDP+k1HkT6vN72rgJ/n:HQc1QuW2gd+ddlN2cJv

Score

10^/10

persistence

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 4748 created 3524	4748	70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe	56

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bsmpeu = "C:\\Users\\Admin\\AppData\\Roaming\\Bsmpeu.exe"	70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4748 set thread context of 2660	4748	70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe	87

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
4748	70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4748	70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe
Token: SeDebugPrivilege	4748	70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 2660	4748	70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe	87
PID 4748 wrote to memory of 2660	4748	70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe	87
PID 4748 wrote to memory of 2660	4748	70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe	87
PID 4748 wrote to memory of 2660	4748	70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe	87
PID 4748 wrote to memory of 2660	4748	70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe	87
PID 4748 wrote to memory of 2660	4748	70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe	87

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3524
- C:\Users\Admin\AppData\Local\Temp\70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe
  "C:\Users\Admin\AppData\Local\Temp\70a9729398a4acd0bbeb8a75eb62555cd8f509f3ac4e04338c62cdef3a8d0419.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4748
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2660-1091-0x0000000140000000-0x000000014000C000-memory.dmp

Filesize
48KB

Download
memory/2660-1095-0x00007FFF2B5F0000-0x00007FFF2C0B1000-memory.dmp

Filesize
10.8MB

Download
memory/2660-1094-0x00007FFF2B5F0000-0x00007FFF2C0B1000-memory.dmp

Filesize
10.8MB

Download
memory/2660-1093-0x00007FFF2B5F0000-0x00007FFF2C0B1000-memory.dmp

Filesize
10.8MB

Download
memory/4748-29-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-2-0x000001D6A6980000-0x000001D6A6A60000-memory.dmp

Filesize
896KB

Download
memory/4748-38-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-52-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-64-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-62-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-60-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-58-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-56-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-54-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-50-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-48-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-47-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-44-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-42-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-40-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-36-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-22-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-32-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-30-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-0-0x000001D68C310000-0x000001D68C40A000-memory.dmp

Filesize
1000KB

Download
memory/4748-16-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-66-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-27-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-34-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-20-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-18-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-14-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-12-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-8-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-7-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-3-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-1077-0x00007FFF2B5F0000-0x00007FFF2C0B1000-memory.dmp

Filesize
10.8MB

Download
memory/4748-1078-0x000001D6A6A60000-0x000001D6A6ABA000-memory.dmp

Filesize
360KB

Download
memory/4748-1079-0x000001D6A6920000-0x000001D6A696C000-memory.dmp

Filesize
304KB

Download
memory/4748-1080-0x00007FFF2B5F0000-0x00007FFF2C0B1000-memory.dmp

Filesize
10.8MB

Download
memory/4748-1086-0x00007FFF2B5F0000-0x00007FFF2C0B1000-memory.dmp

Filesize
10.8MB

Download
memory/4748-1084-0x00007FFF2B5F0000-0x00007FFF2C0B1000-memory.dmp

Filesize
10.8MB

Download
memory/4748-1087-0x00007FFF2B5F0000-0x00007FFF2C0B1000-memory.dmp

Filesize
10.8MB

Download
memory/4748-1088-0x000001D6A6CC0000-0x000001D6A6D14000-memory.dmp

Filesize
336KB

Download
memory/4748-4-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-11-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-1092-0x00007FFF2B5F0000-0x00007FFF2C0B1000-memory.dmp

Filesize
10.8MB

Download
memory/4748-24-0x000001D6A6980000-0x000001D6A6A59000-memory.dmp

Filesize
868KB

Download
memory/4748-1-0x00007FFF2B5F3000-0x00007FFF2B5F5000-memory.dmp

Filesize
8KB

Download