52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
Size

6.3MB
MD5

7b9956e820cfd64a02a13af88b5237af
SHA1

ccb27bc5570fd160601d8009727296a12c579f66
SHA256

52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960
SHA512

51e91c696d9cd25a1cf99cec15b412dffc1dc70046431a1254dc42d623a557a6438e42588debab3332c4afcfc57485d01b1beb740fcb24fbd9b78dc53e4a0bdc
SSDEEP

24576:sjLAQlWpXO17Q2G4rWgnfeZ79HK+6aAsYsxY90n+Y+2JnsWW3Ff/F5VWdXHb1h6P:MAQlWpXk02Ygp9E+2JnsWWZ

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\Hyfot = "C:\\Users\\Admin\\AppData\\Roaming\\Hyfot.exe"	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe

description	pid	process	target process
PID 2184 set thread context of 2612	2184	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe

description	pid	process
Token: SeDebugPrivilege	2184	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
Token: SeDebugPrivilege	2184	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe

description	pid	process	target process
PID 2184 wrote to memory of 2612	2184	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
PID 2184 wrote to memory of 2612	2184	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
PID 2184 wrote to memory of 2612	2184	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
PID 2184 wrote to memory of 2612	2184	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
PID 2184 wrote to memory of 2612	2184	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
PID 2184 wrote to memory of 2612	2184	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
PID 2184 wrote to memory of 2612	2184	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
PID 2184 wrote to memory of 2612	2184	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe	52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe

C:\Users\Admin\AppData\Local\Temp\52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
"C:\Users\Admin\AppData\Local\Temp\52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2184

C:\Users\Admin\AppData\Local\Temp\52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe
"C:\Users\Admin\AppData\Local\Temp\52a37eb90b8f3a1d164717415b58cf9bac1db1caa1f8aa57224089811cf50960.exe"
2⤵
PID:2612

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2184-0-0x000000007451E000-0x000000007451F000-memory.dmp

Filesize
4KB

Download
memory/2184-1-0x00000000010F0000-0x0000000001744000-memory.dmp

Filesize
6.3MB

Download
memory/2184-2-0x00000000062B0000-0x0000000006502000-memory.dmp

Filesize
2.3MB

Download
memory/2184-12-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-16-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-14-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-3-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-26-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-24-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-20-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-10-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-8-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-22-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-28-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-18-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-30-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-34-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-36-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-40-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-42-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-48-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-50-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-46-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-52-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-38-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-32-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-6-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-4-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-56-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-58-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-60-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-62-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-64-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-66-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-44-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-54-0x00000000062B0000-0x00000000064FC000-memory.dmp

Filesize
2.3MB

Download
memory/2184-4890-0x0000000000AF0000-0x0000000000B3C000-memory.dmp

Filesize
304KB

Download
memory/2184-4889-0x0000000005040000-0x00000000050CE000-memory.dmp

Filesize
568KB

Download
memory/2184-4892-0x0000000074510000-0x0000000074BFE000-memory.dmp

Filesize
6.9MB

Download
memory/2184-4891-0x0000000074510000-0x0000000074BFE000-memory.dmp

Filesize
6.9MB

Download
memory/2184-4893-0x0000000000B90000-0x0000000000BE4000-memory.dmp

Filesize
336KB

Download
memory/2184-4902-0x0000000074510000-0x0000000074BFE000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads