0b5fe211d558daa7d54207d2869f53d0a91ae16397343fd2605fd3a0f292dd21

Analysis

max time kernel
151s
max time network
157s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
03-09-2024 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BrowserTool.exe
Size

99.6MB
MD5

f489556fdde15b99e202a06f0cf513aa
SHA1

dc7991c837e336484d9bcd56fbe42129cc5a62d0
SHA256

0b5fe211d558daa7d54207d2869f53d0a91ae16397343fd2605fd3a0f292dd21
SHA512

dd87414e68ba61a6821d27853c45399193520d090fc9f69f7c4bd5ba1cc591e0384d680c454525d99d95f0b880cc50dffcca201d838d3c8f2d595ba27eda0cdd
SSDEEP

786432:d0urM/MqRmUT0kBKpM6i8nOhxYjjCmrkIvchTJCILjXvxscyQZfbyrBovl+4BPbG:d0XvQAsKlJGkzR21vYdsj

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs

Web Service

T1102

flow	ioc
91	bitbucket.org
687	bitbucket.org
272	bitbucket.org
475	bitbucket.org
555	bitbucket.org
199	bitbucket.org
358	bitbucket.org
911	bitbucket.org
188	bitbucket.org
318	bitbucket.org
641	bitbucket.org
418	bitbucket.org
632	bitbucket.org
689	bitbucket.org
148	bitbucket.org
414	bitbucket.org
537	bitbucket.org
695	bitbucket.org
383	bitbucket.org
473	bitbucket.org
811	bitbucket.org
880	bitbucket.org
27	bitbucket.org
282	bitbucket.org
605	bitbucket.org
668	bitbucket.org
674	bitbucket.org
777	bitbucket.org
803	bitbucket.org
364	bitbucket.org
411	bitbucket.org
676	bitbucket.org
691	bitbucket.org
89	bitbucket.org
149	bitbucket.org
237	bitbucket.org
407	bitbucket.org
529	bitbucket.org
263	bitbucket.org
424	bitbucket.org
593	bitbucket.org
654	bitbucket.org
819	bitbucket.org
54	bitbucket.org
457	bitbucket.org
677	bitbucket.org
692	bitbucket.org
697	bitbucket.org
913	bitbucket.org
443	bitbucket.org
635	bitbucket.org
836	bitbucket.org
855	bitbucket.org
82	bitbucket.org
141	bitbucket.org
243	bitbucket.org
26	bitbucket.org
378	bitbucket.org
623	bitbucket.org
59	bitbucket.org
96	bitbucket.org
269	bitbucket.org
410	bitbucket.org
659	bitbucket.org

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2692	BrowserTool.exe

C:\Users\Admin\AppData\Local\Temp\BrowserTool.exe
"C:\Users\Admin\AppData\Local\Temp\BrowserTool.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2692-0-0x000007FEF5CB3000-0x000007FEF5CB4000-memory.dmp

Filesize
4KB

Download
memory/2692-1-0x0000000000050000-0x00000000063E0000-memory.dmp

Filesize
99.6MB

Download
memory/2692-2-0x000007FEF5CB0000-0x000007FEF669C000-memory.dmp

Filesize
9.9MB

Download
memory/2692-3-0x000007FEF5CB3000-0x000007FEF5CB4000-memory.dmp

Filesize
4KB

Download
memory/2692-4-0x000007FEF5CB0000-0x000007FEF669C000-memory.dmp

Filesize
9.9MB

Download