800b4455105a08833332092017909f9dd47bd4ebfb1cbddbe0b95658d03b8d64 | Triage

Resubmissions

03-02-2022 13:26

220203-qpq5cahggm 3

01-02-2022 11:13

220201-nbqkjsdear 10

01-02-2022 11:12

220201-na5m3sdeak 10

31-12-2021 08:31

211231-keqg6sggb4 10

Analysis

max time kernel
7s
max time network
11s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 11:12

Sharing

Report Analysis Logs

General

Target

ConsoleApp7.exe
Size

53KB
MD5

b2993b2a7a1edba14742564de7e85cb2
SHA1

cf7f1085978128cc082aec921d34d6d25e4ab19b
SHA256

800b4455105a08833332092017909f9dd47bd4ebfb1cbddbe0b95658d03b8d64
SHA512

a64951f5026a2f3bb01652bae0267b1d4b88b017a64208bb2e556a755a44e86eab0df33d43e759defe4caefc30693099b74fa1ebac90ff323ac2e555f51d892a

Score

10^/10

logger

Malware Config

Signatures

Detect A310Logger 1 IoCs

Detect A310Logger SpyEx Variant.

Processes:

resource	yara_rule
behavioral1/memory/1660-55-0x0000000000940000-0x0000000000952000-memory.dmp	family_a310logger_v1

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

ConsoleApp7.exe

description pid process

Token: SeDebugPrivilege 1660 ConsoleApp7.exe

C:\Users\Admin\AppData\Local\Temp\ConsoleApp7.exe
"C:\Users\Admin\AppData\Local\Temp\ConsoleApp7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1660-55-0x0000000000940000-0x0000000000952000-memory.dmp

Filesize
72KB

Download
memory/1660-56-0x0000000075F81000-0x0000000075F83000-memory.dmp

Filesize
8KB

Download
memory/1660-57-0x0000000004E50000-0x0000000004E51000-memory.dmp

Filesize
4KB

Download