Analysis
-
max time kernel
150s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
03-09-2024 06:15
Behavioral task
behavioral1
Sample
WebhookSpammerV4.exe
Resource
win10v2004-20240802-en
General
-
Target
WebhookSpammerV4.exe
-
Size
10.7MB
-
MD5
29a004bee7183000900deefc6bb7dce3
-
SHA1
e0ca1ea02942277deb6dea6c7a48aa8d327d7185
-
SHA256
2d824122dd40adf7b22030e976710862a173296200fe25af6b6166b62d9ee940
-
SHA512
7de24ebaeb1d78b4e4aa20aa3e0ba9d6b04436dc422afa530d305732619b2f8804c0912dbdc8c7666691a57452b1c8fddb9b2151c6f48d650d5b437f40aa1a2b
-
SSDEEP
196608:IRdBqC6oMhmwJ50pFBzoP1HbzyAoxDyEFh/bRtbYPvOTvN8YJQlHZ3FFR1/E7rec:/obA50pf0P16mUh/1bTtJQlhCr
Malware Config
Signatures
-
Loads dropped DLL 22 IoCs
pid Process 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe 2380 WebhookSpammerV4.exe -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WebhookSpammerV4.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WebhookSpammerV4.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2380 WebhookSpammerV4.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2924 wrote to memory of 2380 2924 WebhookSpammerV4.exe 87 PID 2924 wrote to memory of 2380 2924 WebhookSpammerV4.exe 87 PID 2924 wrote to memory of 2380 2924 WebhookSpammerV4.exe 87
Processes
-
C:\Users\Admin\AppData\Local\Temp\WebhookSpammerV4.exe"C:\Users\Admin\AppData\Local\Temp\WebhookSpammerV4.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2924 -
C:\Users\Admin\AppData\Local\Temp\WebhookSpammerV4.exe"C:\Users\Admin\AppData\Local\Temp\WebhookSpammerV4.exe"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2380
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
81KB
MD555c8e69dab59e56951d31350d7a94011
SHA1b6af2d245ae4d67c38eb1cd31e0c1cffb29b9b2c
SHA2569d8d21022ff9d3f6b81a45209662a4f3481edc2befae0c73b83cf942eab8be25
SHA512efb2ac1891724df16268480628eb230b6ee37ed47b56d2e02a260559865cdd48ee340ce445e58f625e0f4d6dbdc5bfb7ce2eeedf564b837cff255ef7d1dc58cd
-
Filesize
75KB
MD5387725bc6de235719ae355dfaa81e67c
SHA1428b74b0bf8acd04eb20dc5a016352042c812c7a
SHA256a9de8848c95518434cb5c2a9cb9d648cba140021e49f2e5212becf13a329b5d0
SHA512bed2d6902f2ddd7dc7c2043c210ce682df75616ca63d163b756559dc7d33e926733f96d5407dc856061fba711ce41de9b01bb7b9db3940fa359c32c40d9f8233
-
Filesize
147KB
MD5296843bbbd173d0880fe441c88ad0f95
SHA1f9e9323edb85f58ae1f75f1d83781de02889c4e6
SHA256c08f2ba9bdbb6c958de74d05682a1d6eb513ed129cc795100b22a0cb7d815a8b
SHA512c79b45e387539145b964af06cae27aa1087bf7c99ec82466b38daa02f5155c5d9d156c7dc0502f9c7b45441e8ca32d42956ed19e70e60393bbdd4b128ea4c21e
-
Filesize
112KB
MD5aff88d04f5d45e739902084fce6da88a
SHA16ce6a89611069deaa7c74fa4fa86882dc21b5801
SHA25634371eb9b24ba67ce6803d965cf5f0fe88ef4762af648ec2183e5bf21835d876
SHA5128dd8f90ae1cc0fbc76f0039bc12e1aee7b2718017f4f9b09361001bed7b278b84f20d0fffceda4d5edd8744140cfdf1ca52497645d0480f5d42934f7df9808ba
-
Filesize
224KB
MD5680d0a29b8ad9cdb2ddd8d6b59e2fecd
SHA18ec37f37622d29d3025bc6007dfb11ff3ec31a07
SHA25621034f441ffdea24ad10dbbce5ba440c2135bb809695dfbeb2d860325135bc61
SHA512f2a96fb98f2c4ec544b3bc0d289139ecc08b8e53140380d8cfda335d367f6465a7557161a8ca18944d11b2b1fd3a1d1eaaa27ed8c003b0b0b57c5c960846b47b
-
Filesize
50KB
MD5fdfa235f58a04d19e1ce923ca0d8ae19
SHA14a1178ba7e9a56f8c68dc3391a169222c67237e9
SHA2567ad484e99ea33e4eea2cbf09203fb9dbd0c2c325b96e6cf2ffd146156c93bf7a
SHA5120fe187e1019c159c0ee90fbc8eea20e40a28ff05223321d04784e577b60a2c0a3a476fabc71bd81dd08e7a127bb6cb03edf5d604bfdda38516fb2c90148dd118
-
Filesize
157KB
MD5f6b74ac19fb0601a4e612a8dc0c916e3
SHA1d4a77386caf7f70e66d5ec4543c8d9de0e4bc39f
SHA256ce2ea2c96afd8c0cf97fc55130f835b6625a0772d86b259ea82bbc0b3def75e6
SHA5120b60c51f76eb6872000d92bbec7fdabf687f5096fd12f1456cf26ad6033c22b998aee94842fda800288bef94790608204f97a7ed034544a1377cbf9722c6a826
-
Filesize
24KB
MD59cddd43f5b53ab8993e46b24b68d8424
SHA17327ed8baf41f86d122137c511656f98d99ff990
SHA256fa262ab8fb1caf23abf125e1b9d69c78727be3d8274e13ebe83e71f1058406d3
SHA5129661968a986af5495bb3632e0a658885933ed733d64785627597456a5cef9521359a078f64af78464675698aff8f4b3cf844a56a8adbe4d69d4abe8fba3ca542
-
Filesize
68KB
MD5a9450642d8832893998bd213d98d509b
SHA13ef416ffaa438a2809cdffddd1b2717461ead7d4
SHA2565407750d69d74318ec66bd1464558c07c06c6aa9edbc0641cd2dd7533378772b
SHA51293027a694800d2d92ba773e8232ee016946ee9b36ba211537619df0508e9f50660b9a292d29dd4e90c2406b29bd3b1f8e4eb2226945b7163b2bd3227d4482323
-
Filesize
138KB
MD5620f8f46eed249f7a7881656ad22062d
SHA1709c772808ff2e894cdf1066c28287e92fc643c5
SHA256dbceda1c97bfc8f6a0d1d17df6a2d7e1d44c59718cd652e0a5975052b218c590
SHA5122bc2674603db7e29005b84b5de9cefa98737ebbdab5f5a034856c26099872e6886c8b6a41f2cdb2bb52a84ae1a15ae21b6394e1fe6820ba4fe0c7d88f3b1511a
-
Filesize
58KB
MD5a475634789bb1284d75e55870462a74a
SHA1af7bfe3ffeef7479549831c5cd0de487151a6c5f
SHA256725a13950969db01ad20af1f36eb28d6011a2feb31bd8c112b6bed2d025bc761
SHA5129ca2f331d9ca22732ab0cf12a42d1b221f5daf01b5a83c43a4ba0b48798289d52428ab17cdedfde9eb2daf5f12304fe28e2c4d2306399b7fa562acdc74487a19
-
Filesize
822KB
MD5c1b3b5cf32b9a0505be9af7bd59f410b
SHA12774e124e9dfe88597ecd98b64d5a905a44fda56
SHA25615c4c5b53589aee564d00496ed3a88d21d5cd82f16324b258e9caaa34e3056e5
SHA5125f36d50c5eb378cf53f1662bd552e5609459463cd90a1733bace113cd14c3b5bddb76f111e84d4c2a101f730add6bed0071cd375d6b094d3024d2feaa255db64
-
Filesize
284KB
MD5181ac9a809b1a8f1bc39c1c5c777cf2a
SHA19341e715cea2e6207329e7034365749fca1f37dc
SHA256488ba960602bf07cc63f4ef7aec108692fec41820fc3328a8e3f3de038149aee
SHA512e19a92b94aedcf1282b3ef561bd471ea19ed361334092c55d72425f9183ebd1d30a619e493841b6f75c629f26f28dc682960977941b486c59475f21cf86fff85
-
Filesize
8KB
MD5f84cc2e3ec261ebdb7ef28c58208c3ef
SHA1de084eb05c747b393e4100abae3cb10fef81373f
SHA256dab2ea82d0b35fd18e9f5369dab9ba24d72f3befb65408e001eecac7b68d1948
SHA512d90fe6abe254d629f3413c6001084ab635b4f9c15e6e8a4d62080436f9e9b9336de3649ad12536994c5be909330dde865196e71546469b9cdcf3373f99f039c8
-
Filesize
99KB
MD5fc9ba355e60e727d1e3c78233c692c20
SHA105fa45db849cb4873df6717150c566f3642b7d8b
SHA25652d473bee2cec8c7b207c74421c34faacf04e624c4db139e1c4ad02ea5fb915e
SHA5126f665ea87a9fe6b62876040650dc537feb9b09ded4d8ece02fb6c26b68f89db1df21d3e1f28a923b4e36c9737ede1e7ade8e0cfc6b6fb550d3da4d091e33c504
-
Filesize
2.1MB
MD5aad424a6a0ae6d6e7d4c50a1d96a17fc
SHA14336017ae32a48315afe1b10ff14d6159c7923bc
SHA2563a2dba6098e77e36a9d20c647349a478cb0149020f909665d209f548dfa71377
SHA512aa4b74b7971cb774e4ae847a226cae9d125fadc7cde4f997b7564dff4d71b590dcbc06a7103451b72b2afe3517ab46d3be099c3620c3d591ccbd1839f0e8f94a
-
Filesize
28KB
MD5bc20614744ebf4c2b8acd28d1fe54174
SHA1665c0acc404e13a69800fae94efd69a41bdda901
SHA2560c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57
SHA5120c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b
-
Filesize
525KB
MD5697766aba55f44bbd896cbd091a72b55
SHA1d36492be46ea63ce784e4c1b0103ba21214a76fb
SHA25644a228b3646eb3575abd5cbcb079e018de11ca6b838a29e4391893de69e0cf4b
SHA512206957347540f1356d805bf4a2d062927e190481aadc105c3012e69623149850a846503fca30fc38298f74d7f8f69761fddd0aa7f5e31fedb1fa5e5c9de56e9d
-
Filesize
57KB
MD5876371b620e310c22df0f7cb1cb28bf3
SHA186058ee41d3146610683829a9965fd82d000cf84
SHA2565ce763af03f2d20859415f1af5f0bc489087e396a196caf0bacef36ceecf529a
SHA51269b51090bfee360b3af027b4e98c6ac5b4454dbcc189d47f6b9c08938c5a54ee100c8988886fe3505fc809415e23a901937e5f678f73f775ecfc69e9950ce8bc
-
Filesize
57KB
MD5dd07013785e2bb606293fc3ec6467fcf
SHA1400a7f393708ccccc44e6348e88af0689afabb45
SHA25634da45b57baec57d1193901d24e9dc9dd23eeccd0776b016072b311df1ff8379
SHA512c06a280f89b172f91973954bb461fca1cfb6b0d0c654afe94ae1f801ff18abde36a436959979e98f41ca9dcaec2846f81279aab8701b7941f141367c2a080268
-
Filesize
4.2MB
MD52a9c5db70c6906571f2ca3a07521baa2
SHA1765fa27bbee6a02b20b14b2b78c92a880e6627e5
SHA256c69ce89b0487d86a63b64951207781f8051282afde67b20d3b8374c1a067f611
SHA512fa4a677eaae2d258ac4f083a4e7009d985523b964ada93f53dc399a88c14970c7be2d2f39a7b38a922b58d134df2ede954554dcd00a4895e4273161867acac53
-
Filesize
23KB
MD51559cf3605d62c03d6ff2440ea3e175f
SHA126faec2bafd8523d1705021d06c56947b58cda1c
SHA256b8da64fa424e5fb2bc8de93d2c0dcb55076cd9345452d3c624b3fcbbbe15644b
SHA5121891a356ae98a09a7476697b6e7dd0de6b940043910a9aa414e17a523118d76dd0c55ea786d9bd2a77d792bdf95a75b272352eb813d928c429a707a78c09f05c
-
Filesize
1.3MB
MD530195aa599dd12ac2567de0815ade5e6
SHA1aa2597d43c64554156ae7cdb362c284ec19668a7
SHA256e79443e9413ba9a4442ca7db8ee91a920e61ac2fb55be10a6ab9a9c81f646dbb
SHA5122373b31d15b39ba950c5dea4505c3eaa2952363d3a9bd7ae84e5ea38245320be8f862dba9e9ad32f6b5a1436b353b3fb07e684b7695724a01b30f5ac7ba56e99
-
Filesize
33KB
MD5db52847c625ea3290f81238595a915cd
SHA145a4ed9b74965e399430290bcdcd64aca5d29159
SHA2564fdf70fdcedef97aa8bd82a02669b066b5dfe7630c92494a130fc7c627b52b55
SHA5125a8fb4ada7b2efbf1cadd10dbe4dc7ea7acd101cb8fd0b80dad42be3ed8804fc8695c53e6aeec088c2d4c3ee01af97d148b836289da6e4f9ee14432b923c7e40
-
Filesize
20KB
MD55e9b3e874f8fbeaadef3a004a1b291b5
SHA1b356286005efb4a3a46a1fdd53e4fcdc406569d0
SHA256f385515658832feb75ee4dce5bd53f7f67f2629077b7d049b86a730a49bd0840
SHA512482c555a0da2e635fa6838a40377eef547746b2907f53d77e9ffce8063c1a24322d8faa3421fc8d12fdcaff831b517a65dafb1cea6f5ea010bdc18a441b38790
-
Filesize
1KB
MD55900f51fd8b5ff75e65594eb7dd50533
SHA12e21300e0bc8a847d0423671b08d3c65761ee172
SHA25614df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0
SHA512ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc
-
Filesize
735B
MD510ec7cd64ca949099c818646b6fae31c
SHA16001a58a0701dff225e2510a4aaee6489a537657
SHA256420c4b3088c9dacd21bc348011cac61d7cb283b9bee78ae72eed764ab094651c
SHA51234a0acb689e430ed2903d8a903d531a3d734cb37733ef13c5d243cb9f59c020a3856aad98726e10ad7f4d67619a3af1018f6c3e53a6e073e39bd31d088efd4af
-
Filesize
23KB
MD5b900811a252be90c693e5e7ae365869d
SHA1345752c46f7e8e67dadef7f6fd514bed4b708fc5
SHA256bc492b19308bc011cfcd321f1e6e65e6239d4eeb620cc02f7e9bf89002511d4a
SHA51236b8cdba61b9222f65b055c0c513801f3278a3851912215658bcf0ce10f80197c1f12a5ca3054d8604da005ce08da8dcd303b8544706b642140a49c4377dd6ce
-
Filesize
607B
MD592ff1e42cfc5fecce95068fc38d995b3
SHA1b2e71842f14d5422a9093115d52f19bcca1bf881
SHA256eb9925a8f0fcc7c2a1113968ab0537180e10c9187b139c8371adf821c7b56718
SHA512608d436395d055c5449a53208f3869b8793df267b8476ad31bcdd9659a222797814832720c495d938e34bf7d253ffc3f01a73cc0399c0dfb9c85d2789c7f11c0
-
Filesize
22KB
MD555e2db5dcf8d49f8cd5b7d64fea640c7
SHA18fdc28822b0cc08fa3569a14a8c96edca03bfbbd
SHA25647b6af117199b1511f6103ec966a58e2fd41f0aba775c44692b2069f6ed10bad
SHA512824c210106de7eae57a480e3f6e3a5c8fb8ac4bbf0a0a386d576d3eb2a3ac849bdfe638428184056da9e81767e2b63eff8e18068a1cf5149c9f8a018f817d3e5
-
Filesize
5KB
MD5e127196e9174b429cc09c040158f6aab
SHA1ff850f5d1bd8efc1a8cb765fe8221330f0c6c699
SHA256abf7d9d1e86de931096c21820bfa4fd70db1f55005d2db4aa674d86200867806
SHA512c4b98ebc65e25df41e6b9a93e16e608cf309fa0ae712578ee4974d84f7f33bcf2a6ed7626e88a343350e13da0c5c1a88e24a87fcbd44f7da5983bb3ef036a162
-
Filesize
11KB
MD5f9ed2096eea0f998c6701db8309f95a6
SHA1bcdb4f7e3db3e2d78d25ed4e9231297465b45db8
SHA2566437bd7040206d3f2db734fa482b6e79c68bcc950fba80c544c7f390ba158f9b
SHA512e4fb8f28dc72ea913f79cedf5776788a0310608236d6607adc441e7f3036d589fd2b31c446c187ef5827fd37dcaa26d9e94d802513e3bf3300e94dd939695b30
-
Filesize
1.1MB
MD56cadec733f5be72697d7112860a0905b
SHA16a6beeef3b1bb7c85c63f4a3410e673fce73f50d
SHA25619f70dc79994e46d3e1ef6be352f5933866de5736d761faa8839204136916b3f
SHA512e6b3e52968c79d4bd700652c1f2ebd0366b492fcda4e05fc8b198791d1169b20f89b85ec69cefa7e099d06a78bf77ff9c3274905667f0c94071f47bafad46d79
-
Filesize
20KB
MD5309ab5b70f664648774453bccbe5d3ce
SHA151bf685dedd21de3786fe97bc674ab85f34bd061
SHA2560d95949cfacf0df135a851f7330acc9480b965dac7361151ac67a6c667c6276d
SHA512d5139752bd7175747a5c912761916efb63b3c193dd133ad25d020a28883a1dea6b04310b751f5fcbe579f392a8f5f18ae556116283b3e137b4ea11a2c536ec6b
-
Filesize
16KB
MD5be28d16510ee78ecc048b2446ee9a11a
SHA14829d6e8ab8a283209fb4738134b03b7bd768bad
SHA2568f57a23c5190b50fad00bdee9430a615ebebfc47843e702374ae21beb2ad8b06
SHA512f56af7020531249bc26d88b977baffc612b6566146730a681a798ff40be9ebc04d7f80729bafe0b9d4fac5b0582b76f9530f3fe376d42a738c9bc4b3b442df1f
-
Filesize
10KB
MD52652aad862e8fe06a4eedfb521e42b75
SHA1ed22459ad3d192ab05a01a25af07247b89dc6440
SHA256a78388d68600331d06bb14a4289bc1a46295f48cec31ceff5ae783846ea4d161
SHA5126ecfbb8d136444a5c0dbbce2d8a4206f1558bdd95f111d3587b095904769ac10782a9ea125d85033ad6532edf3190e86e255ac0c0c81dc314e02d95cca86b596
-
Filesize
14KB
MD5c33963d3a512f2e728f722e584c21552
SHA175499cfa62f2da316915fada2580122dc3318bad
SHA25639721233855e97bfa508959b6dd91e1924456e381d36fdfc845e589d82b1b0cc
SHA512ea01d8cb36d446ace31c5d7e50dfae575576fd69fd5d413941eebba7ccc1075f6774af3c69469cd7baf6e1068aa5e5b4c560f550edd2a8679124e48c55c8e8d7
-
Filesize
37KB
MD5181ed74919f081eeb34269500e228470
SHA1953eb429f6d98562468327858ed0967bdc21b5ad
SHA256564ac0040176cc5744e3860abc36b5ffbc648da20b26a710dc3414eae487299b
SHA512220e496b464575115baf1dede838e70d5ddd6d199b5b8acc1763e66d66801021b2d7cd0e1e1846868782116ad8a1f127682073d6eacd7e73f91bced89f620109
-
Filesize
5KB
MD52da0a23cc9d6fd970fe00915ea39d8a2
SHA1dfe3dc663c19e9a50526a513043d2393869d8f90
SHA2564adf738b17691489c71c4b9d9a64b12961ada8667b81856f7adbc61dffeadf29
SHA512b458f3d391df9522d4e7eae8640af308b4209ce0d64fd490bfc0177fde970192295c1ea7229ce36d14fc3e582c7649460b8b7b0214e0ff5629b2b430a99307d4
-
Filesize
363B
MD5a6448af2c8fafc9a4f42eaca6bf6ab2e
SHA10b295b46b6df906e89f40a907022068bc6219302
SHA256cd44ee7f76c37c0c522bd0cfca41c38cdeddc74392b2191a3af1a63d9d18888e
SHA5125b1a8ca5b09b7281de55460d21d5195c4ee086bebdc35fa561001181490669ffc67d261f99eaa900467fe97e980eb733c5ffbf9d8c541ede18992bf4a435c749
-
Filesize
22KB
MD53250ec5b2efe5bbe4d3ec271f94e5359
SHA16a0fe910041c8df4f3cdc19871813792e8cc4e4c
SHA256e1067a0668debb2d8e8ec3b7bc1aec3723627649832b20333f9369f28e4dfdbf
SHA512f8e403f3d59d44333bce2aa7917e6d8115bec0fe5ae9a1306f215018b05056467643b7aa228154ddced176072bc903dfb556cb2638f5c55c1285c376079e8fe3
-
Filesize
1.1MB
MD5bd51c8fbb9bfc437e19cb19042bfeae8
SHA18e537acb5a5f421ae4290681ed7d295ac8e86ca2
SHA2561ccf9fa395e963daf8aba5a2acd68c5b13ee04b6b689a601652bcf04e7f25f8a
SHA5126dd7041ee42dc2f67eef5efb0eb519dfc79cb19293693d9fb6e60e4cff374e3f955f7e09c8d9526fb5e1a3014875bd09a712d397a7068ac0900c6f8b754d8e6d