Overview

overview

10

Static

static

3

CPUChipset.exe

windows7-x64

1

CPUChipset.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    100s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-10-2024 14:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CPUChipset.exe

  • Size

    101KB

  • MD5

    eeeb17fa0c3d008a37d33c0af273d41a

  • SHA1

    337100cb0d0453738aa0cc59046a8a26bce564a9

  • SHA256

    39f19333d5e494f72992f47a8a742aaade50b2e5a8cc37673790a6049c5e3e38

  • SHA512

    abe8e8aa730d05acddb5498ab5bb2ebcbb2cf1a8cd2939e19be05f93b1420754cdc8af80fc5415e661c40ceef07cdb57610f3e0c343cc3e782425303b9d7e4b6

  • SSDEEP

    3072:Ki1ozInkSIqvZVP1zP1NBh2p4n2jHCAefML:GCt7ZR1zP1NBh2jjHCAefML

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    amny cywy oafk vgdo

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CPUChipset.exe
    "C:\Users\Admin\AppData\Local\Temp\CPUChipset.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mb4smaau\mb4smaau.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4536
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES754F.tmp" "c:\Users\Admin\AppData\Local\Temp\mb4smaau\CSC326F6DA32F194B4095E5CF5DDD536C3F.TMP"
        3⤵
          PID:1840

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\RES754F.tmp
      Filesize

      1KB

      MD5

      ed067ed9f6b0698fa357e813f78ae491

      SHA1

      b32c59e161db8386247b0970039b6b46275edcc5

      SHA256

      f6750688a9d0fa52d0f012928bf626a4be6cc13bc070c2500ca0698bd0a0ddb7

      SHA512

      e402c79d78497604f402c5477a77c5eb52ce00068ecd1317f67595642c2ea4c942cac24dfaea57cd756661a143c17a19578222df703a28002bbbce99ca8fabe5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_opqfxjef.5rc.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\mb4smaau\mb4smaau.dll
      Filesize

      3KB

      MD5

      20bea2a940df528a8790d57c54b8d31e

      SHA1

      b33d5be5016fbc4700c69db3591e61a7fb904945

      SHA256

      3f27302c13b00c63a07c24f9cb85acde217a1117f67602ea6d1da842dd4979bd

      SHA512

      7ab9078f4f9a4b68f1dbc996434c689dd9a137e59c9472d665ed1e8e2e13d01eb0017388bc49ef86cf42d8ca9e04e18a16fdc931be77f18909b637c95782f710

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\mb4smaau\CSC326F6DA32F194B4095E5CF5DDD536C3F.TMP
      Filesize

      652B

      MD5

      d71484d89029adc5e1befeb2af728f1e

      SHA1

      95fb5da5942f7aeab90d96ba6fffaaa5a19a04ee

      SHA256

      06ecd68cf775901da073824c76996646bc0c0d9db548baf01acc75649b35fc63

      SHA512

      edd6c02aaa69bb7938570c81d524839bb369304d32f6dd4d3217b81609940385f3e6d8f32de6491c47b51df33ba0fad3ca6894d53ca58ff1a8bb03366ecf7e96

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\mb4smaau\mb4smaau.0.cs
      Filesize

      666B

      MD5

      9189f3545aa1c923a8a494115d6959e2

      SHA1

      5e8c7991e18202803882cae77633d92e9e4d3ebf

      SHA256

      a96d73d957f868aaef2336ca08a2df2528885747d434817c9d653c17ea1d85cb

      SHA512

      ca26e421e431ab55636565d28e8a0585a6dbd573b6960861ccc6cce04ea8bbfe009f51b3390b706b38d787c5bcbb3ac6363c2f1cd06a92eb1bf7af184c591d21

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\mb4smaau\mb4smaau.cmdline
      Filesize

      369B

      MD5

      fa9a9ad351792bd7b230476dc18df402

      SHA1

      1ed54c7f529d199dbd78f2312fb5d52b11871f80

      SHA256

      dd677a84332417fb9c94b0879cd8eb0f528f00280eeaf9acca1050a1fc99f59e

      SHA512

      b79bd575dac389c489a39b5623bebe8eb812f7edfcb77811aace017902c03ab34340122d0164e4826908ce3bb246c56b95d602bbcd63c0aba1548f84bed54005

      Download Submit

    • memory/2280-0-0x00007FF8D0E93000-0x00007FF8D0E95000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2280-12-0x00007FF8D0E90000-0x00007FF8D1951000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2280-11-0x0000000002B10000-0x0000000002B32000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2280-1-0x00000000009A0000-0x00000000009BE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/2280-25-0x00000000012E0000-0x00000000012E8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2280-27-0x00007FF8D0E93000-0x00007FF8D0E95000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2280-28-0x00007FF8D0E90000-0x00007FF8D1951000-memory.dmp

      Filesize

      10.8MB

      Download