be1e902f9a7d42b9f38f93a96f877f4a206a823f64a6bf00f343d9cd00b981ad

Resubmissions

07-01-2025 22:00

250107-1wz1yazrht 7

07-01-2025 21:58

250107-1vhp9ssnaq 7

07-01-2025 14:57

250107-sbtdnawkb1 10

Analysis

max time kernel
667s
max time network
671s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-01-2025 14:57

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Innovarteks-setup 1.0.exe
Size

143.5MB
MD5

87c8b487c3903bbc37ba9533680630c5
SHA1

743d43f1d007f06de961b10ed29d861574008ffa
SHA256

be1e902f9a7d42b9f38f93a96f877f4a206a823f64a6bf00f343d9cd00b981ad
SHA512

5ac443a52d0d7780c6bb3831f75579fc8310629f8a906274c3d1b40d955cada2469f7f6723c4be4e8cdaa5feecafcfc34d4b0a3a5a5a6a3439854117c767d02d
SSDEEP

3145728:qP+bSC++4uDXW4HTx+3MEwy+E9MPWzJUrYX5M3gbcKCXoOE23QtlV:W+2CauDXWz8eJ9LzJaYE2C6z

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2124	Innovarteks-setup 1.0.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	4176	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4176	AUDIODG.EXE
Token: 33	4176	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4176	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2124	2708	Innovarteks-setup 1.0.exe	30
PID 2708 wrote to memory of 2124	2708	Innovarteks-setup 1.0.exe	30
PID 2708 wrote to memory of 2124	2708	Innovarteks-setup 1.0.exe	30

C:\Users\Admin\AppData\Local\Temp\Innovarteks-setup 1.0.exe
"C:\Users\Admin\AppData\Local\Temp\Innovarteks-setup 1.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Users\Admin\AppData\Local\Temp\Innovarteks-setup 1.0.exe
  "C:\Users\Admin\AppData\Local\Temp\Innovarteks-setup 1.0.exe"
  2⤵
  - Loads dropped DLL
  PID:2124

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:4104

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4176

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:4384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI27082\python313.dll

Filesize
5.8MB

MD5
b9de917b925dd246b709bb4233777efd

SHA1
775f258d8b530c6ea9f0dd3d1d0b61c1948c25d2

SHA256
0c0a66505093b6a4bb3475f716bd3d9552095776f6a124709c13b3f9552c7d99

SHA512
f4bf3398f50fdd3ab7e3f02c1f940b4c8b5650ed7af16c626ccd1b934053ba73a35f96da03b349c1eb614bb23e0bc6b5cc58b07b7553a5c93c6d23124f324a33

Download Submit
memory/4104-2777-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/4384-2778-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download