Analysis Overview
SHA256
3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6
Threat Level: Shows suspicious behavior
The file Mercurial.Grabber.v1.03.rar was found to be: Shows suspicious behavior.
Malicious Activity Summary
Obfuscated with Agile.Net obfuscator
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-04-07 22:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-07 22:38
Reported
2023-04-07 22:39
Platform
win10-20230220-en
Max time kernel
52s
Max time network
60s
Command Line
Signatures
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Mercurial.exe
"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"
Network
| Country | Destination | Domain | Proto |
| US | 52.182.143.208:443 | | tcp |
| US | 8.8.8.8:53 | 63.13.109.52.in-addr.arpa | udp |
Files
memory/2012-121-0x0000000000670000-0x00000000009AA000-memory.dmp
memory/2012-122-0x0000000005840000-0x0000000005D3E000-memory.dmp
memory/2012-123-0x0000000005220000-0x00000000052B2000-memory.dmp
memory/2012-124-0x00000000051D0000-0x00000000051DA000-memory.dmp
memory/2012-125-0x00000000051E0000-0x00000000051FC000-memory.dmp
memory/2012-126-0x0000000005410000-0x0000000005430000-memory.dmp
memory/2012-127-0x0000000005440000-0x0000000005460000-memory.dmp
memory/2012-128-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-129-0x0000000005460000-0x0000000005470000-memory.dmp
memory/2012-130-0x0000000005490000-0x00000000054A4000-memory.dmp
memory/2012-131-0x00000000054A0000-0x000000000550E000-memory.dmp
memory/2012-132-0x0000000005520000-0x000000000553E000-memory.dmp
memory/2012-133-0x0000000005550000-0x0000000005586000-memory.dmp
memory/2012-134-0x00000000055A0000-0x00000000055AE000-memory.dmp
memory/2012-135-0x00000000055B0000-0x00000000055BE000-memory.dmp
memory/2012-136-0x0000000005D40000-0x0000000005E8A000-memory.dmp
memory/2012-137-0x0000000005E90000-0x0000000005FA6000-memory.dmp
memory/2012-138-0x0000000005FB0000-0x0000000005FE0000-memory.dmp
memory/2012-139-0x0000000008B70000-0x0000000008B78000-memory.dmp
memory/2012-140-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-141-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-142-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-143-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-144-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-145-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-146-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-147-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-148-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-149-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-150-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-151-0x000000000C650000-0x000000000C750000-memory.dmp
memory/2012-152-0x0000000005330000-0x0000000005340000-memory.dmp
memory/2012-153-0x000000000C650000-0x000000000C750000-memory.dmp
memory/2012-154-0x000000000C650000-0x000000000C750000-memory.dmp
memory/2012-155-0x000000000C650000-0x000000000C750000-memory.dmp
memory/2012-156-0x000000000C650000-0x000000000C750000-memory.dmp
memory/2012-157-0x000000000C650000-0x000000000C750000-memory.dmp