0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 23:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe
Size

20KB
MD5

92533b2d1f8ab09059ef59097bdd8be0
SHA1

ead46b3e792d92860e0c6c372897bc6ed0da87c6
SHA256

0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519
SHA512

1fda7fab8d8ce1176c400a9fd6199d10619a9795a9e2d8b5dcc678a0dbfe1d2edaabbc3dab4261100876c4a0cf4ca0068dd3603288fc0ca23030661b697cc8f2
SSDEEP

384:IK6JmmlAOxFrjfnCGjB+Wm3c+DRXaLn6/ol7lm8qhHE7QVbMEfTg:R6JxFrjPCGjB+26/o/m8Ek7QVbHg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 19 IoCs

pid	Process
2736	tensho2client.exe
2852	tensho2client.exe
2888	tensho2client.exe
488	tensho2client.exe
2892	tensho2client.exe
2656	tensho2client.exe
2664	tensho2client.exe
1864	tensho2client.exe
1020	tensho2client.exe
2676	tensho2client.exe
1032	tensho2client.exe
1796	tensho2client.exe
2424	tensho2client.exe
2928	tensho2client.exe
2956	tensho2client.exe
2432	tensho2client.exe
852	tensho2client.exe
2532	tensho2client.exe
2456	tensho2client.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2736	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	30
PID 3056 wrote to memory of 2736	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	30
PID 3056 wrote to memory of 2736	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	30
PID 3056 wrote to memory of 2736	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	30
PID 3056 wrote to memory of 2852	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	32
PID 3056 wrote to memory of 2852	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	32
PID 3056 wrote to memory of 2852	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	32
PID 3056 wrote to memory of 2852	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	32
PID 3056 wrote to memory of 2888	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	33
PID 3056 wrote to memory of 2888	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	33
PID 3056 wrote to memory of 2888	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	33
PID 3056 wrote to memory of 2888	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	33
PID 3056 wrote to memory of 488	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	34
PID 3056 wrote to memory of 488	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	34
PID 3056 wrote to memory of 488	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	34
PID 3056 wrote to memory of 488	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	34
PID 3056 wrote to memory of 2892	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	35
PID 3056 wrote to memory of 2892	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	35
PID 3056 wrote to memory of 2892	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	35
PID 3056 wrote to memory of 2892	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	35
PID 3056 wrote to memory of 2656	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	36
PID 3056 wrote to memory of 2656	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	36
PID 3056 wrote to memory of 2656	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	36
PID 3056 wrote to memory of 2656	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	36
PID 3056 wrote to memory of 2664	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	37
PID 3056 wrote to memory of 2664	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	37
PID 3056 wrote to memory of 2664	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	37
PID 3056 wrote to memory of 2664	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	37
PID 3056 wrote to memory of 1864	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	38
PID 3056 wrote to memory of 1864	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	38
PID 3056 wrote to memory of 1864	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	38
PID 3056 wrote to memory of 1864	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	38
PID 3056 wrote to memory of 1020	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	39
PID 3056 wrote to memory of 1020	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	39
PID 3056 wrote to memory of 1020	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	39
PID 3056 wrote to memory of 1020	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	39
PID 3056 wrote to memory of 2676	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	40
PID 3056 wrote to memory of 2676	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	40
PID 3056 wrote to memory of 2676	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	40
PID 3056 wrote to memory of 2676	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	40
PID 3056 wrote to memory of 1032	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	41
PID 3056 wrote to memory of 1032	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	41
PID 3056 wrote to memory of 1032	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	41
PID 3056 wrote to memory of 1032	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	41
PID 3056 wrote to memory of 1796	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	42
PID 3056 wrote to memory of 1796	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	42
PID 3056 wrote to memory of 1796	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	42
PID 3056 wrote to memory of 1796	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	42
PID 3056 wrote to memory of 2424	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	43
PID 3056 wrote to memory of 2424	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	43
PID 3056 wrote to memory of 2424	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	43
PID 3056 wrote to memory of 2424	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	43
PID 3056 wrote to memory of 2928	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	44
PID 3056 wrote to memory of 2928	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	44
PID 3056 wrote to memory of 2928	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	44
PID 3056 wrote to memory of 2928	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	44
PID 3056 wrote to memory of 2956	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	45
PID 3056 wrote to memory of 2956	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	45
PID 3056 wrote to memory of 2956	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	45
PID 3056 wrote to memory of 2956	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	45
PID 3056 wrote to memory of 2432	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	46
PID 3056 wrote to memory of 2432	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	46
PID 3056 wrote to memory of 2432	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	46
PID 3056 wrote to memory of 2432	3056	0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe	46

C:\Users\Admin\AppData\Local\Temp\0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe
"C:\Users\Admin\AppData\Local\Temp\0b4052b463d60953a66b93b247cfa3f5ac1eb125f48499b202934bbe78813519N.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Users\Admin\AppData\Local\Temp\tensho2client.exe
  "tensho2client.exe"
  2⤵
  - Executes dropped EXE
  PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tensho2client.exe

Filesize
3.6MB

MD5
1fe4a7e4e662a1ca3f740cb8b4af182d

SHA1
28d36bbd31f1f6cb34d7df82c8c0238af16238e9

SHA256
9c15c004993eccfaa5934a0269d8bff2269b1348c3057087048ae6bd8501fd7c

SHA512
87e5f7c4de405be66f8c46517ac766231cf80e60169df14ac57d8c704417112a0cd73a75d9ec8fb5fa002e86f19fb5c6098f9a91daaa53923fec097eaa1c2c65

Download Submit
memory/3056-0-0x000007FEF58B3000-0x000007FEF58B4000-memory.dmp

Filesize
4KB

Download
memory/3056-1-0x0000000000AB0000-0x0000000000ABC000-memory.dmp

Filesize
48KB

Download
memory/3056-2-0x000007FEF58B0000-0x000007FEF629C000-memory.dmp

Filesize
9.9MB

Download
memory/3056-7-0x000007FEF58B3000-0x000007FEF58B4000-memory.dmp

Filesize
4KB

Download
memory/3056-8-0x000007FEF58B0000-0x000007FEF629C000-memory.dmp

Filesize
9.9MB

Download