Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
01-09-2024 19:21
General
-
Target
fdc1f7ff601c011a1f458f6201527c927af1d3376ebb8aa2129072cf7f7bd073.exe
-
Size
10.9MB
-
MD5
f040284781993f4b9538af251915ea1f
-
SHA1
add3ad61ad9ce9988ae8c0cba69d4f81b5643283
-
SHA256
fdc1f7ff601c011a1f458f6201527c927af1d3376ebb8aa2129072cf7f7bd073
-
SHA512
aaf5dcf9cd1fe24a651828a543574e59f0ab2f36195eb2acddfbeb0e959d845efce44744102d7e0e3ec76d9dcedb2598168d066493b1a29539e12f05f68caa8b
-
SSDEEP
196608:y4gZigr/hSpJj5VxTtEBzTzHyS/zqwdl29+N:y4gFr/iJ3ExTbldl24N
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Loads dropped DLL 3 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
System policy modification 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fdc1f7ff601c011a1f458f6201527c927af1d3376ebb8aa2129072cf7f7bd073.exe"C:\Users\Admin\AppData\Local\Temp\fdc1f7ff601c011a1f458f6201527c927af1d3376ebb8aa2129072cf7f7bd073.exe"1⤵
- UAC bypass
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- System policy modification
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
804KB
MD5c578b6820bda5689940560147c6e5ffc
SHA1922e50d89c9c44bdc205ef17aa57212b64e58852
SHA2563b6ddc32b800a18b21a819e842cbfdd57cb065fd92cc69545e0ef29b97cfd389
SHA5129f2a1bb5788ad245242d12968bbf198af2694a87c6e2342f14672e8c14e8489dd3319434592fc9b20f620557d0fa58482903d19c7f5ba32456a1e4076dc1bb85
-
Filesize
52KB
MD5fdc8b75a37017141831e3421479307be
SHA1f6a08cc570d5e5bc4218da376ca353d46d62790d
SHA2562a37ce301490bd4b7c5d02b768b054705fe4620db6ef81061718c1fe89c9f27e
SHA512d74e2de28523317c928965affa464cef6ba5c4da9ab05d30a79a4d3bbb59284d68331b5735c705cf73e155cf3a42b01ef5cd7219c72c242eed6b711090066537
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
21.1MB
-
Filesize
21.1MB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
6.2MB
-
Filesize
1.4MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
21.1MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
21.1MB
-
Filesize
1.5MB
-
Filesize
6.2MB
-
Filesize
21.1MB
-
Filesize
21.1MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB