Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/11/2024, 12:02

Errors

Reason
Machine shutdown

General

  • Target

    a7ca223256e15732868624abe7c675298c8c5ccda4f164375c8619428b9a3ed4.exe

  • Size

    10.6MB

  • MD5

    3e7d33b05268477c3f7560175e811281

  • SHA1

    30e82b0ce94d4d72f45f6ab0d4a25f04c9f6852c

  • SHA256

    a7ca223256e15732868624abe7c675298c8c5ccda4f164375c8619428b9a3ed4

  • SHA512

    4c5c2e16fc00651312729fc0644b194934dd73d35f7576cc2571409e40d4ddedd101b50649ac7e725cfbabdf751c3716a482ed8c8325946b376015f6219beecb

  • SSDEEP

    196608:rx4MtJrpmr3LKzo1rbpam8dx0E2GfPHSczgV/bcjgxIymx4:rTtJm70CrbpTE3p8V/bcjgqh4

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7ca223256e15732868624abe7c675298c8c5ccda4f164375c8619428b9a3ed4.exe
    "C:\Users\Admin\AppData\Local\Temp\a7ca223256e15732868624abe7c675298c8c5ccda4f164375c8619428b9a3ed4.exe"
    1⤵
    • Adds Run key to start application
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:4552
    • C:\Windows\system32\shutdown.exe
      shutdown /r /t 90
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3576
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa39bb855 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:4668

Network

MITRE ATT&CK Enterprise v15
