400debff42246bcf28d1eba937480ebdfa755c932707db10ab58ec4a1f5e94f1

Submit
Reports

Overview

overview

Static

static

01a53007f9...68.exe

windows10_x64

022e3c30a1...66.exe

windows10_x64

02ca2b5bb7...35.exe

windows10_x64

0d69cafe70...cd.exe

windows10_x64

0df647f0a2...bc.exe

windows10_x64

1df367eead...2c.exe

windows10_x64

1e083736ae...33.exe

windows10_x64

1e662d9025...7d.exe

windows10_x64

2010009ff5...59.exe

windows10_x64

243379992d...93.exe

windows10_x64

2d63a14e4a...1a.exe

windows10_x64

30e6815ae0...51.exe

windows10_x64

364d3b0e94...fa.exe

windows10_x64

3a4e2dfbd7...00.exe

windows10_x64

4a4a606501...75.exe

windows10_x64

4d89b00768...c0.exe

windows10_x64

5524bfd826...5f.exe

windows10_x64

582bd655f4...9b.exe

windows10_x64

588b74dc8e...70.exe

windows10_x64

609accbb14...2b.exe

windows10_x64

620a9a3efa...11.exe

windows10_x64

623bb62b2b...7c.exe

windows10_x64

642c69b710...bc.exe

windows10_x64

6e18165c4a...34.exe

windows10_x64

78a82aa6d4...cd.exe

windows10_x64

809ed9e2d0...41.exe

windows10_x64

82bf2273f6...2f.exe

windows10_x64

9bd142ecfe...06.exe

windows10_x64

9c4880a98c...82.exe

windows10_x64

9d608ed375...11.exe

windows10_x64

9ed5bbddf1...6e.exe

windows10_x64

a1dad4a83d...c4.exe

windows10_x64

Resubmissions

10-11-2021 14:52

211110-r84p8aedej 10

09-11-2021 13:19

211109-qkrv3sfcg4 10

Analysis

max time kernel
337s
max time network
364s
platform
windows10_x64
resource
win10-en-20211014
submitted
10-11-2021 14:52

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

01a53007f9b19d8ae4f12cc75bafcbef064f75d3a4b31b347b334a2d30558d68.exe

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

022e3c30a1504fde93e24b2206f804a923ee9785e4db81a166939a1e7b928b66.exe

Resource

win10-en-20211014

gozi_ifsb redline smokeloader socelars vidar xmrig 1011h 937 udptest backdoor banker discovery evasion infostealer miner spyware stealer suricata themida trojan vmprotect

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

02ca2b5bb774890c50950ad93becc2851bac8d04c35464dad4854088c5db4135.exe

Resource

win10-en-20211014

redline smokeloader socelars ani media14 she aspackv2 backdoor infostealer stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

0d69cafe700a952a621c9b5981504e30c939c3d6cc34452691fce67b2eb6c1cd.exe

Resource

win10-en-20211014

redline smokeloader socelars ani she aspackv2 backdoor evasion infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

0df647f0a2aa6c1aa1ec9426b9ef7c23eb6394f3ed29fbbdd0e9e228d24510bc.exe

Resource

win10-en-20211014

raccoon redline smokeloader socelars 2f2ad1a1aa093c5a9d17040c8efd5650a99640b5 chris media18 aspackv2 backdoor evasion infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

1df367eead22695952cce5131891dfec5c479da37cb3dac0403015ebb785032c.exe

Resource

win10-en-20211104

raccoon redline smokeloader socelars vidar 2f2ad1a1aa093c5a9d17040c8efd5650a99640b5 fucker2 media18 aspackv2 backdoor discovery evasion infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

1e083736aeca35b40f45693442d37466fa7b61ab36b2cebc2a49cb8c8492a433.exe

Resource

win10-en-20211104

redline smokeloader socelars vidar xmrig 916 937 ani media17 aspackv2 backdoor discovery evasion infostealer miner persistence spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

1e662d90254c17f35d76a81e33caff9c356d590244b00583c3bdb837a683607d.exe

Resource

win10-en-20211014

raccoon redline smokeloader socelars vidar 2f2ad1a1aa093c5a9d17040c8efd5650a99640b5 916 fuck1 media18 aspackv2 backdoor infostealer stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

2010009ff5b8b55fbcaa90318461a1b5b69ef6c8fd32ac279e81a10844d57859.exe

Resource

win10-en-20211104

redline smokeloader socelars vidar 937 media13 she aspackv2 backdoor discovery evasion infostealer persistence spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

243379992d4692a9058e9964696513a2f84e03759c6d5b3b737685bf9bf65493.exe

Resource

win10-en-20211014

raccoon redline smokeloader socelars vidar 2f2ad1a1aa093c5a9d17040c8efd5650a99640b5 fucker2 media18 aspackv2 backdoor evasion infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

2d63a14e4ab37be8d0eee3d87959e3a0ef972d07411c136ecf2f1ac4191a701a.exe

Resource

win10-en-20211104

raccoon redline smokeloader socelars ani fcdc156d3872c18d25e3ee45499599b45e492a67 she aspackv2 backdoor infostealer persistence spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

30e6815ae008a8638c5b30460098904121e0b98c7e87784d950f1dc55aafec51.exe

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

364d3b0e9456ecff4518f48695df817af1fdcd76c1f9644a35cfe5ec621e5ffa.exe

Resource

win10-en-20211104

redline smokeloader socelars vidar 916 937 ani she aspackv2 backdoor discovery evasion infostealer persistence spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

3a4e2dfbd7943c7200d7c5ea70c2b0117408d3c1ac3cac7b757d8e05dcc9ff00.exe

Resource

win10-en-20211014

redline smokeloader vidar ani media13 she aspackv2 backdoor evasion infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

4a4a606501eea3b8b9e128412455243ca20de0efe374c9c47ff3b5caac457375.exe

Resource

win10-en-20211104

redline smokeloader socelars 05.10 backdoor discovery evasion infostealer spyware stealer suricata themida trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

4d89b007686d09c5143127f408435b76d2ea36991b728985ac47dcf797e6e7c0.exe

Resource

win10-en-20211104

redline smokeloader socelars vidar 916 ani aspackv2 backdoor evasion infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

5524bfd8269c656293e16b8da80bd43983f457f261f052e166d90a079517115f.exe

Resource

win10-en-20211014

redline smokeloader ani media12 she aspackv2 backdoor evasion infostealer persistence spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

582bd655f491fe76a95b9c8900a3051d379dcbb86036f273b2a7bc6cdd928e9b.exe

Resource

win10-en-20211104

raccoon redline smokeloader socelars ani fcdc156d3872c18d25e3ee45499599b45e492a67 she aspackv2 backdoor infostealer persistence spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

588b74dc8e2473c34be3e958cb4f63e6466feb0be21e7b0a6418c1c8112ee370.exe

Resource

win10-en-20211014

redline socelars vidar 05.10 build discovery evasion infostealer spyware stealer suricata themida trojan vmprotect

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

609accbb14b3fb81d04e3142447678c4a163ec4fa6e33256e00f723e64b0852b.exe

Resource

win10-en-20211104

redline smokeloader socelars she aspackv2 backdoor evasion infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

620a9a3efa423f182b5126bec022a1871d7051d08065495ba7bed12e18668111.exe

Resource

win10-en-20211014

raccoon redline smokeloader socelars vidar 2f2ad1a1aa093c5a9d17040c8efd5650a99640b5 937 fucker2 media18 aspackv2 backdoor evasion infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

623bb62b2bdec1c2b272fbeb0da95904b91f20f95a27dc8a59d0ca4c1010ef7c.exe

Resource

win10-en-20211104

redline smokeloader socelars vidar 937 ani she aspackv2 backdoor discovery evasion infostealer persistence spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

642c69b7109f087d01166ed237a4fd4611a2209a11e23a8dc2f2ba5aec3118bc.exe

Resource

win10-en-20211104

redline smokeloader socelars vidar 916 ani she aspackv2 backdoor evasion infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

6e18165c4a3685b247b326103b7a12266f7d01a8831aa97e710449273263dc34.exe

Resource

win10-en-20211014

raccoon smokeloader fcdc156d3872c18d25e3ee45499599b45e492a67 backdoor stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

78a82aa6d47c01237be6b269d2bda88a9ca0b1e6eecc29ba631e18fbbd18e5cd.exe

Resource

win10-en-20211104

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

809ed9e2d09751dad774b865881411b32bd24ad1626e331c0760b507c20eb741.exe

Resource

win10-en-20211014

redline smokeloader socelars ani media15 she aspackv2 backdoor evasion infostealer stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral27

Sample

82bf2273f62e1bb50f3189fcf8bcf367a264e6942848209c325b3dd5da2cd62f.exe

Resource

win10-en-20211104

redline smokeloader socelars vidar 916 937 ani media17 aspackv2 backdoor evasion infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral28

Sample

9bd142ecfe89857de80bb3255a1655f680ca6451b45cca235096dc1c1285e806.exe

Resource

win10-en-20211104

redline smokeloader socelars vidar ani she aspackv2 backdoor evasion infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral29

Sample

9c4880a98c53084391a2e2ec350515da63c1dc8ac929af17f012b690b0453782.exe

Resource

win10-en-20211014

redline smokeloader vidar chris fucker2 media20 aspackv2 backdoor infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral30

Sample

9d608ed375a27a573add396e92f4f8e831cb71d344fa21f14b04c42788946511.exe

Resource

win10-en-20211104

smokeloader backdoor evasion spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral31

Sample

9ed5bbddf1be7ad2f19ae45eff5839f0e7a7f435f9fd583a49c2ff7a5e860d6e.exe

Resource

win10-en-20211014

redline smokeloader socelars vidar 916 ani fuck1 media17 aspackv2 backdoor evasion infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral32

Sample

a1dad4a83d843acffbf293c0979951255abd9be4524d5a46c2fd48942a8a47c4.exe

Resource

win10-en-20211104

raccoon redline smokeloader socelars 2f2ad1a1aa093c5a9d17040c8efd5650a99640b5 chris media18 aspackv2 backdoor evasion infostealer stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

30e6815ae008a8638c5b30460098904121e0b98c7e87784d950f1dc55aafec51.exe
Size

8KB
MD5

af6e236e2635e451927e7e99f159709a
SHA1

ff5a827131c817a3bf95bb8b798b272101428618
SHA256

30e6815ae008a8638c5b30460098904121e0b98c7e87784d950f1dc55aafec51
SHA512

4b4fd1668211f7193c0b41bb014015f9502b2b75cb0237500c4754e3925d16f719e5154b5fe3cc328d867cfd3cd480802d6150140a48ba5a6ca407100b4b08e6

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

30e6815ae008a8638c5b30460098904121e0b98c7e87784d950f1dc55aafec51.exe

description pid process

Token: SeDebugPrivilege 3692 30e6815ae008a8638c5b30460098904121e0b98c7e87784d950f1dc55aafec51.exe

description	pid	process
Token: SeDebugPrivilege	3692	30e6815ae008a8638c5b30460098904121e0b98c7e87784d950f1dc55aafec51.exe

Processes

C:\Users\Admin\AppData\Local\Temp\30e6815ae008a8638c5b30460098904121e0b98c7e87784d950f1dc55aafec51.exe
"C:\Users\Admin\AppData\Local\Temp\30e6815ae008a8638c5b30460098904121e0b98c7e87784d950f1dc55aafec51.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3692-118-0x0000000000C00000-0x0000000000C01000-memory.dmp

Filesize
4KB

Download
memory/3692-120-0x000000001B770000-0x000000001B772000-memory.dmp

Filesize
8KB

Download