Analysis
Max time kernel: 150s
Max time network: 155s
Platform: windows10-2004_x64
Resource: win10v2004-20220721-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 05-08-2022 16:06
Behavioral task: behavioral1
Sample: 0c9df96101af0ac8049408831d42dedd.exe
Resource: win7-20220715-en (windows7-x64)
4 signatures, 150 seconds
General
Target: 0c9df96101af0ac8049408831d42dedd.exe
Size: 29KB
MD5: 0c9df96101af0ac8049408831d42dedd
SHA1: a43aedc5578add2f07269f88b923536b9d239019
SHA256: 9207a09821cbdc73ff5c3909c74914e772a4c356cfcb58eea38f8eeb1ea0c11a
SHA512: 2079380e4b839ba4b46f8f7c9eb34dc85b33a2876faa968efed62c3eb544125395ad6fc0dbf29f627cbf47e4550366485f2e789545a3726dd12df0a7cbb6710b
Malware Config
Extracted
Family: limerat
Attributes:
  aes_key: O
  antivm: false
  c2_url: https://pastebin.com/raw/9uk330hR
  delay: 3
  download_payload: false
  install: false
  install_name: Wservices.exe
  main_folder: Temp
  pin_spread: false
  sub_folder: \
  usb_spread: false
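The config above is what an analyst actually works from: the c2_url is a Pastebin raw link, i.e. a dead-drop resolver from which the real host:port is fetched at runtime, so the static indicator is the resolver URL rather than the C2 endpoint; install is false, so the %TEMP%\Wservices.exe path is the location the sample would use only if persistence were enabled. The following script is an added example, not part of the sandbox report or of LimeRAT itself: it parses the config block as shown on the page, derives the indicators a responder would pivot on, and runs them over constructed proxy log lines. The list of paste services and the log lines are assumptions made for the example.

```python
"""Turn the extracted LimeRAT config into triage indicators.

Added example, not part of the sandbox report. The config values are copied
from the page; PASTE_HOSTS and PROXY_LOG are constructed for illustration.
"""
from urllib.parse import urlparse

# Copied from the "Malware Config / Extracted" section above.
CONFIG_TEXT = """\
aes_key O
antivm false
c2_url https://pastebin.com/raw/9uk330hR
delay 3
download_payload false
install false
install_name Wservices.exe
main_folder Temp
pin_spread false
sub_folder \\
usb_spread false
"""

# Paste/text-hosting services commonly abused as a C2 indirection layer.
# Assumption: illustrative list, not exhaustive.
PASTE_HOSTS = {"pastebin.com", "paste.ee", "hastebin.com", "ghostbin.com"}

# Constructed proxy log lines (not from the report): timestamp src method url.
PROXY_LOG = """\
2022-08-05T16:07:01Z 10.0.0.15 GET https://pastebin.com/raw/9uk330hR
2022-08-05T16:07:02Z 10.0.0.15 GET https://www.microsoft.com/en-us/
2022-08-05T16:09:44Z 10.0.0.22 GET https://pastebin.com/raw/abcdef12
2022-08-05T16:10:03Z 10.0.0.31 GET https://pastebin.com/
"""


def parse_config(text):
    """Parse 'key value' lines into a dict, converting booleans and ints."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.partition(" ")
        value = value.strip()
        if value.lower() in ("true", "false"):
            value = value.lower() == "true"
        elif value.isdigit():
            value = int(value)
        cfg[key] = value
    return cfg


def indicators(cfg):
    """Derive network and host indicators from the parsed config."""
    url = urlparse(cfg["c2_url"])
    host = url.hostname or ""
    # The URL is the resolver; the real C2 address is whatever the paste
    # contains at runtime, so only the resolver itself is a static IOC.
    resolver_is_paste = host in PASTE_HOSTS and url.path.startswith("/raw/")
    # Map main_folder to an environment path. Only "Temp" appears on the
    # page; the mapping for other values is an assumption.
    folder = {"Temp": "%TEMP%"}.get(cfg["main_folder"], cfg["main_folder"])
    install_path = folder + cfg["sub_folder"] + cfg["install_name"]
    return {
        "c2_resolver_url": cfg["c2_url"],
        "c2_resolver_host": host,
        "resolver_is_paste_service": resolver_is_paste,
        "install_path": install_path,
        "persistence_expected": bool(cfg["install"]),
        "spread_flags": [k for k in ("usb_spread", "pin_spread") if cfg[k]],
    }


def triage_proxy_log(log_text, ioc):
    """Return (src, url, reason) per hit.

    An exact match on the resolver URL is high confidence; any other /raw/
    fetch from a paste service is a lower-confidence hunting lead.
    """
    hits = []
    for line in log_text.splitlines():
        _, src, _, url = line.split(" ", 3)
        if url == ioc["c2_resolver_url"]:
            hits.append((src, url, "known LimeRAT resolver"))
            continue
        p = urlparse(url)
        if p.hostname in PASTE_HOSTS and p.path.startswith("/raw/"):
            hits.append((src, url, "raw paste fetch (hunting lead)"))
    return hits


if __name__ == "__main__":
    ioc = indicators(parse_config(CONFIG_TEXT))
    for k, v in ioc.items():
        print(f"{k:28} {v}")
    for src, url, reason in triage_proxy_log(PROXY_LOG, ioc):
        print(f"HIT {src} {url} ({reason})")
```

The bare paste-site visit in the last log line is deliberately not flagged: blocking pastebin.com outright is rarely acceptable, but a /raw/ fetch from a host that otherwise never talks to paste services is a reasonable hunting pivot.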
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTP)
Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes:
  pid   process
  3500  0c9df96101af0ac8049408831d42dedd.exe  (14 identical entries)
Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
  description               pid   process
  Token: SeDebugPrivilege   3500  0c9df96101af0ac8049408831d42dedd.exe  (2 identical entries)
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/3500-130-0x00000000005A0000-0x00000000005AC000-memory.dmp  Filesize 48KB
memory/3500-131-0x0000000004F20000-0x0000000004FBC000-memory.dmp  Filesize 624KB
memory/3500-132-0x0000000005030000-0x0000000005096000-memory.dmp  Filesize 408KB
memory/3500-133-0x0000000005D50000-0x00000000062F4000-memory.dmp  Filesize 5.6MB
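The dump names encode pid, dump index and the start/end virtual addresses of the region, so the listed size can be checked against the address range before anything is loaded into a disassembler. The script below is an added example, not part of the sandbox report: it parses the four names as listed above, recomputes each region's size, confirms page alignment, and compares against the listed Filesize with a tolerance that absorbs the report's rounding (5.6MB for 0x5A4000 bytes).

```python
"""Cross-check the memory dump entries listed in the report.

Added example, not part of the sandbox report. The dump names and listed
sizes are copied from the page; the name format is inferred from them.
"""
import re

# pid-index-start-end as seen in the names above (assumed format).
DUMP_NAME = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}

# Copied from the Downloads section: (dump name, listed Filesize).
DUMPS = [
    ("memory/3500-130-0x00000000005A0000-0x00000000005AC000-memory.dmp", "48KB"),
    ("memory/3500-131-0x0000000004F20000-0x0000000004FBC000-memory.dmp", "624KB"),
    ("memory/3500-132-0x0000000005030000-0x0000000005096000-memory.dmp", "408KB"),
    ("memory/3500-133-0x0000000005D50000-0x00000000062F4000-memory.dmp", "5.6MB"),
]


def parse_dump_name(name):
    """Split a dump name into pid, index, start, end and byte size."""
    m = DUMP_NAME.fullmatch(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def parse_listed_size(text):
    """Convert a report size string such as '624KB' or '5.6MB' to bytes."""
    m = re.fullmatch(r"([\d.]+)(B|KB|MB)", text)
    if not m:
        raise ValueError(f"unrecognised size: {text}")
    return float(m.group(1)) * UNITS[m.group(2)]


def human(size):
    """Format like the report: whole KB below 1 MB, one-decimal MB above."""
    if size < UNITS["MB"]:
        return f"{size // UNITS['KB']}KB"
    return f"{size / UNITS['MB']:.1f}MB"


def check_dumps(dumps, tolerance=0.05):
    """Return one row per dump with computed size, alignment and match flag."""
    rows = []
    for name, listed in dumps:
        info = parse_dump_name(name)
        expected = parse_listed_size(listed)
        info["listed"] = listed
        info["computed"] = human(info["size"])
        # Sandbox dumps are whole VAD regions, so both ends sit on 4 KiB pages.
        info["page_aligned"] = info["start"] % 0x1000 == 0 and info["end"] % 0x1000 == 0
        info["ok"] = abs(info["size"] - expected) <= tolerance * expected
        rows.append(info)
    return rows


if __name__ == "__main__":
    for r in check_dumps(DUMPS):
        flag = "ok" if r["ok"] and r["page_aligned"] else "MISMATCH"
        print(f"pid {r['pid']} #{r['index']} {r['start']:#010x}-{r['end']:#010x} "
              f"{r['size']:#x} bytes listed={r['listed']} computed={r['computed']} {flag}")
```

A size that does not match the range, or an unaligned boundary, usually means a truncated download or a renamed file rather than anything the sample did, which is worth knowing before time is spent on the dump.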