Overview

overview

10

Static

static

10

5f039af1a6...91.exe

windows7-x64

7

5f039af1a6...91.exe

windows10-2004-x64

7

5f176e85cd...29.exe

windows7-x64

3

5f176e85cd...29.exe

windows10-2004-x64

3

5f59a08b97...d7.exe

windows7-x64

10

5f59a08b97...d7.exe

windows10-2004-x64

10

5f6bf86507...dd.exe

windows7-x64

10

5f6bf86507...dd.exe

windows10-2004-x64

10

5f7cc3cf60...7b.exe

windows7-x64

8

5f7cc3cf60...7b.exe

windows10-2004-x64

8

5f9e580111...ab.exe

windows7-x64

1

5f9e580111...ab.exe

windows10-2004-x64

1

5fb355ac6b...33.exe

windows7-x64

10

5fb355ac6b...33.exe

windows10-2004-x64

10

5fbe4073ad...bc.exe

windows7-x64

1

5fbe4073ad...bc.exe

windows10-2004-x64

1

6025a03430...45.exe

windows7-x64

10

6025a03430...45.exe

windows10-2004-x64

10

603d00b49e...6c.exe

windows7-x64

1

603d00b49e...6c.exe

windows10-2004-x64

1

605e7762c4...0f.exe

windows7-x64

10

605e7762c4...0f.exe

windows10-2004-x64

10

6062c88bd6...c6.exe

windows7-x64

10

6062c88bd6...c6.exe

windows10-2004-x64

8

6099cb8be8...c1.exe

windows7-x64

10

6099cb8be8...c1.exe

windows10-2004-x64

10

60cefc41a3...23.exe

windows7-x64

10

60cefc41a3...23.exe

windows10-2004-x64

10

612990113a...02.exe

windows7-x64

10

612990113a...02.exe

windows10-2004-x64

10

6135280278...33.exe

windows7-x64

10

6135280278...33.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/03/2025, 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f039af1a66a3a9d97e5a98931ecadfa8190980e54a6b78f09df47faa4615d91.exe

  • Size

    7.9MB

  • MD5

    da1364870c95f396ea84ac60afdab146

  • SHA1

    d5e023d34954e0d7e32575cf79049a7c64688456

  • SHA256

    5f039af1a66a3a9d97e5a98931ecadfa8190980e54a6b78f09df47faa4615d91

  • SHA512

    b6a8827705fda917b0ef6297d37979799f7ca29e9236381b57a7f6bd95b7ede836efa8056851f260706796caf3d6b6d910326fbee209aa85ab5986bdb2f9d536

  • SSDEEP

    196608:M9sGLbd7rEWWn87E3QeotSqrG8YqcIXcZZB2:MmqbhrEbn87eZsFmq+6

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f039af1a66a3a9d97e5a98931ecadfa8190980e54a6b78f09df47faa4615d91.exe
    "C:\Users\Admin\AppData\Local\Temp\5f039af1a66a3a9d97e5a98931ecadfa8190980e54a6b78f09df47faa4615d91.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4224
    • C:\Users\Admin\AppData\Local\Temp\BadWIO.exe
      QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXDVmMDM5YWYxYTY2YTNhOWQ5N2U1YTk4OTMxZWNhZGZhODE5MDk4MGU1NGE2Yjc4ZjA5ZGY0N2ZhYTQ2MTVkOTEuZXhl 44
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\BadWIO.exe
    Filesize

    7.9MB

    MD5

    4f9043c4b63eed23e5651a61695f8ece

    SHA1

    894c3437351a31f1996b90a2687094b4a1e1f972

    SHA256

    b0474842a4a2f59e72db400e3b67f5a6d10cf1f1e1c287b22575ad80267de5e5

    SHA512

    a7a61e5eea1a4286d7af350a316f2d1a225005d1c1f2e168ae67fd95f3810abf14c1965b71f6759ccd3cfa4d6de12fee683b21befabfdb09586168ba4d7425ef

    Download Submit

  • memory/2372-26-0x0000017424CB0000-0x0000017425736000-memory.dmp

    Filesize

    10.5MB

    Download

  • memory/2372-19-0x0000017420630000-0x0000017420668000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2372-31-0x00007FFE07C80000-0x00007FFE08741000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2372-18-0x00000174205B0000-0x00000174205B8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2372-30-0x00007FFE07C80000-0x00007FFE08741000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2372-14-0x0000017402E70000-0x0000017404182000-memory.dmp

    Filesize

    19.1MB

    Download

  • memory/2372-15-0x00007FFE07C80000-0x00007FFE08741000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2372-16-0x000001741FEE0000-0x000001741FEE8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2372-27-0x0000017424CB0000-0x0000017425736000-memory.dmp

    Filesize

    10.5MB

    Download

  • memory/2372-17-0x000001741FED0000-0x000001741FEE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2372-13-0x00007FFE07C80000-0x00007FFE08741000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2372-20-0x0000017420600000-0x000001742060E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2372-22-0x0000017424CB0000-0x0000017425736000-memory.dmp

    Filesize

    10.5MB

    Download

  • memory/2372-24-0x00007FFE267B0000-0x00007FFE267B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2372-28-0x0000017424CB0000-0x0000017425736000-memory.dmp

    Filesize

    10.5MB

    Download

  • memory/4224-0-0x00007FFE07C83000-0x00007FFE07C85000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4224-2-0x00007FFE07C80000-0x00007FFE08741000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4224-12-0x00007FFE07C80000-0x00007FFE08741000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4224-1-0x0000025FA9CF0000-0x0000025FAB002000-memory.dmp

    Filesize

    19.1MB

    Download