189c456c653e587b81b4f3950b102a94c4570c2a7057c50b138b511162a2c46a

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
Size

7.9MB
MD5

59a64de403d1bd6e92514201afade29b
SHA1

3a09cadd1bf0ef3c27901c8bf458d9f65a1ac51f
SHA256

88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600
SHA512

573ca82fb7da4bdfc2a5747381191fc9267a49add633c6e5416fa9bd8e22f7f80f0a7b5486377bac73dc9dce806f82e5c444625b81f8e020725ac4529ceed9b9
SSDEEP

196608:J9sGLbd7rEWWn87E3QeotSqrG8YqcIXcZZBB:JmqbhrEbn87eZsFmq+d

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2664	ypyqX6a.exe

Executes dropped EXE 1 IoCs

pid	Process
2664	ypyqX6a.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4196	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
4196	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
4196	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe
2664	ypyqX6a.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4196	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
Token: SeDebugPrivilege	2664	ypyqX6a.exe
Token: SeDebugPrivilege	2664	ypyqX6a.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 2664	4196	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe	87
PID 4196 wrote to memory of 2664	4196	88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe	87

C:\Users\Admin\AppData\Local\Temp\88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe
"C:\Users\Admin\AppData\Local\Temp\88bc7b6a627017c4f048d13e756f27b0adc94dc25d0b53c42a2cbdac36177600.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Users\Admin\AppData\Local\Temp\ypyqX6a.exe
  QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXDg4YmM3YjZhNjI3MDE3YzRmMDQ4ZDEzZTc1NmYyN2IwYWRjOTRkYzI1ZDBiNTNjNDJhMmNiZGFjMzYxNzc2MDAuZXhl 15
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ypyqX6a.exe

Filesize
7.9MB

MD5
e9c3f272b1549647ba12c835012e2b92

SHA1
2aac68cee8ad8b6d9e7a25d8913267eade67615e

SHA256
001b72af91029f6f4ba8e73119279cbbb3b037d6ff5b60eae3446dfc36948175

SHA512
48e70ef6019df65b23de528cf96d2c7843aa59e27adb7d8884b793edf4c038fcceec9b249a5aed7867dda6697db81ad9844410d0d6e333cbdd5ac69c23cb31f7

Download Submit
memory/2664-27-0x000002A16DF90000-0x000002A16EA16000-memory.dmp

Filesize
10.5MB

Download
memory/2664-20-0x000002A16AD00000-0x000002A16AD0E000-memory.dmp

Filesize
56KB

Download
memory/2664-31-0x00007FFD27130000-0x00007FFD27BF1000-memory.dmp

Filesize
10.8MB

Download
memory/2664-18-0x000002A16ACB0000-0x000002A16ACB8000-memory.dmp

Filesize
32KB

Download
memory/2664-30-0x00007FFD27130000-0x00007FFD27BF1000-memory.dmp

Filesize
10.8MB

Download
memory/2664-14-0x000002A14CBA0000-0x000002A14DEB2000-memory.dmp

Filesize
19.1MB

Download
memory/2664-15-0x00007FFD27130000-0x00007FFD27BF1000-memory.dmp

Filesize
10.8MB

Download
memory/2664-16-0x000002A14FB20000-0x000002A14FB28000-memory.dmp

Filesize
32KB

Download
memory/2664-25-0x000002A16DF90000-0x000002A16EA16000-memory.dmp

Filesize
10.5MB

Download
memory/2664-17-0x000002A14FB10000-0x000002A14FB20000-memory.dmp

Filesize
64KB

Download
memory/2664-12-0x00007FFD27130000-0x00007FFD27BF1000-memory.dmp

Filesize
10.8MB

Download
memory/2664-19-0x000002A16AD30000-0x000002A16AD68000-memory.dmp

Filesize
224KB

Download
memory/2664-22-0x000002A16DF90000-0x000002A16EA16000-memory.dmp

Filesize
10.5MB

Download
memory/2664-24-0x00007FFD456D0000-0x00007FFD456D2000-memory.dmp

Filesize
8KB

Download
memory/2664-28-0x000002A16DF90000-0x000002A16EA16000-memory.dmp

Filesize
10.5MB

Download
memory/4196-0-0x00007FFD27133000-0x00007FFD27135000-memory.dmp

Filesize
8KB

Download
memory/4196-2-0x00007FFD27130000-0x00007FFD27BF1000-memory.dmp

Filesize
10.8MB

Download
memory/4196-13-0x00007FFD27130000-0x00007FFD27BF1000-memory.dmp

Filesize
10.8MB

Download
memory/4196-1-0x000001B274720000-0x000001B275A32000-memory.dmp

Filesize
19.1MB

Download