ddced699b161cac8743e49be407d0aeddd817985030b146ecb13f38b136f58ce

Analysis

max time kernel
126s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2023 17:29

Target

Eagle Monitor RAT Reborn/Eagle Monitor RAT Reborn (x64).exe
Size

4.6MB
MD5

b34d31d3b257d61f6ffcf5680910e121
SHA1

bf0b80b5a59790408f781c93ff18b4fd3cd00522
SHA256

0a06210e1d357a31439b3dc2b3a38746eb071a3451111f56608d2ea66bbf03ab
SHA512

0c9020a2889ba834becd6e247b875e116421df991bf61a4b3ca4d2d1253562e0cd5e3fa7fde3338e4052592d430a3f98ae08954381b52ab714f53aff0a296ee4
SSDEEP

98304:NRguYNMsF0FPCYyvR/kYu6kFEOAElyad:NRgHOsF0FK9vZk36zOAEl

Score

1^/10

Suspicious behavior: EnumeratesProcesses 27 IoCs

Processes:

Eagle Monitor RAT Reborn (x64).exe

pid	process
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe
3408	Eagle Monitor RAT Reborn (x64).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

Eagle Monitor RAT Reborn (x64).exe

description	pid	process
Token: SeDebugPrivilege	3408	Eagle Monitor RAT Reborn (x64).exe
Token: 33	3408	Eagle Monitor RAT Reborn (x64).exe
Token: SeIncBasePriorityPrivilege	3408	Eagle Monitor RAT Reborn (x64).exe
Token: 33	3408	Eagle Monitor RAT Reborn (x64).exe
Token: SeIncBasePriorityPrivilege	3408	Eagle Monitor RAT Reborn (x64).exe
Token: 33	3408	Eagle Monitor RAT Reborn (x64).exe
Token: SeIncBasePriorityPrivilege	3408	Eagle Monitor RAT Reborn (x64).exe

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1840

memory/3408-133-0x0000020113AB0000-0x0000020113F54000-memory.dmp

Filesize
4.6MB

Download
memory/3408-134-0x0000020115A80000-0x0000020115A90000-memory.dmp

Filesize
64KB

Download
memory/3408-135-0x0000020115A80000-0x0000020115A90000-memory.dmp

Filesize
64KB

Download
memory/3408-136-0x0000020134900000-0x0000020134922000-memory.dmp

Filesize
136KB

Download
memory/3408-137-0x0000020115A80000-0x0000020115A90000-memory.dmp

Filesize
64KB

Download
memory/3408-138-0x0000020115A80000-0x0000020115A90000-memory.dmp

Filesize
64KB

Download
memory/3408-139-0x0000020115A80000-0x0000020115A90000-memory.dmp

Filesize
64KB

Download
memory/3408-140-0x0000020115A80000-0x0000020115A90000-memory.dmp

Filesize
64KB

Download
memory/3408-141-0x0000020115A80000-0x0000020115A90000-memory.dmp

Filesize
64KB

Download
memory/3408-142-0x0000020115A80000-0x0000020115A90000-memory.dmp

Filesize
64KB

Download