189c456c653e587b81b4f3950b102a94c4570c2a7057c50b138b511162a2c46a

Analysis

max time kernel
148s
max time network
121s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
22/03/2025, 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
Size

7.9MB
MD5

59a64de403d1bd6e92514201afade29b
SHA1

3a09cadd1bf0ef3c27901c8bf458d9f65a1ac51f
SHA256

88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600
SHA512

573ca82fb7da4bdfc2a5747381191fc9267a49add633c6e5416fa9bd8e22f7f80f0a7b5486377bac73dc9dce806f82e5c444625b81f8e020725ac4529ceed9b9
SSDEEP

196608:J9sGLbd7rEWWn87E3QeotSqrG8YqcIXcZZBB:JmqbhrEbn87eZsFmq+d

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2760	UnlgB.exe

Executes dropped EXE 2 IoCs

pid	Process
2760	UnlgB.exe
1232	Process not Found

Loads dropped DLL 3 IoCs

pid	Process
2624	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
2624	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
1232	Process not Found

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2624	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
2624	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
2624	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe
2760	UnlgB.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2624	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
Token: SeDebugPrivilege	2760	UnlgB.exe
Token: SeDebugPrivilege	2760	UnlgB.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2760	2624	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe	30
PID 2624 wrote to memory of 2760	2624	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe	30
PID 2624 wrote to memory of 2760	2624	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe	30

C:\Users\Admin\AppData\Local\Temp\88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
"C:\Users\Admin\AppData\Local\Temp\88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Users\Admin\AppData\Local\Temp\UnlgB.exe
  QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXDg4YmM3YjZhNjI3MDE3YzRmMDQ4ZDEzZTc1NmYyN2IwYWRjOTRkYzI1ZDBiNTNjNDJhMmNiZGFjMzYxNzc2MDAuZXhl 39
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\UnlgB.exe

Filesize
7.9MB

MD5
181746bc08ad833adc2b1e784aebe1e9

SHA1
8714e99289d5e5823ec05f00a7ea79ab5f03d92a

SHA256
fbb1604e4eb2543f8192bf355676d1ab5d825b33f9e9646a051274926ef01200

SHA512
057690b798cb3ab87555cf2a0c1c35ab5498017aa936ee3f4cd3dfd0c33e1f7b44f36061899c0efa6b40835235bf2318f4572526b33e8eac3d6a2eb1b57e6dda

Download Submit
memory/2624-16-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download
memory/2624-1-0x000000013F880000-0x0000000140B92000-memory.dmp

Filesize
19.1MB

Download
memory/2624-2-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download
memory/2624-0-0x000007FEF55E3000-0x000007FEF55E4000-memory.dmp

Filesize
4KB

Download
memory/2760-22-0x0000000000950000-0x0000000000960000-memory.dmp

Filesize
64KB

Download
memory/2760-30-0x0000000077380000-0x0000000077382000-memory.dmp

Filesize
8KB

Download
memory/2760-19-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download
memory/2760-20-0x0000000000950000-0x000000000095A000-memory.dmp

Filesize
40KB

Download
memory/2760-21-0x0000000000950000-0x000000000095A000-memory.dmp

Filesize
40KB

Download
memory/2760-17-0x000000013F380000-0x0000000140692000-memory.dmp

Filesize
19.1MB

Download
memory/2760-26-0x00000000220A0000-0x0000000022B26000-memory.dmp

Filesize
10.5MB

Download
memory/2760-18-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download
memory/2760-28-0x0000000077380000-0x0000000077382000-memory.dmp

Filesize
8KB

Download
memory/2760-33-0x00000000220A0000-0x0000000022B26000-memory.dmp

Filesize
10.5MB

Download
memory/2760-35-0x00000000220A0000-0x0000000022B26000-memory.dmp

Filesize
10.5MB

Download
memory/2760-32-0x0000000077380000-0x0000000077382000-memory.dmp

Filesize
8KB

Download
memory/2760-37-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download
memory/2760-38-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

Filesize
9.9MB

Download
memory/2760-39-0x0000000000950000-0x000000000095A000-memory.dmp

Filesize
40KB

Download