Overview
overview
10Static
static
10Endermanch...is.exe
windows7-x64
1Endermanch...is.exe
windows10-2004-x64
Endermanch...ug.exe
windows7-x64
6Endermanch...ug.exe
windows10-2004-x64
6Endermanch...ck.exe
windows7-x64
7Endermanch...ck.exe
windows10-2004-x64
7Endermanch...om.exe
windows7-x64
1Endermanch...om.exe
windows10-2004-x64
1Endermanch...le.exe
windows7-x64
1Endermanch...le.exe
windows10-2004-x64
1Endermanch...er.exe
windows7-x64
7Endermanch...er.exe
windows10-2004-x64
7Endermanch...er.exe
windows7-x64
7Endermanch...er.exe
windows10-2004-x64
7Endermanch...er.exe
windows7-x64
Endermanch...er.exe
windows10-2004-x64
Endermanch...us.exe
windows7-x64
1Endermanch...us.exe
windows10-2004-x64
1Endermanch....C.exe
windows7-x64
10Endermanch....C.exe
windows10-2004-x64
10Endermanch...rd.exe
windows7-x64
10Endermanch...rd.exe
windows10-2004-x64
9Endermanch...a2.exe
windows7-x64
1Endermanch...a2.exe
windows10-2004-x64
1Endermanch...19.exe
windows7-x64
7Endermanch...19.exe
windows10-2004-x64
7Endermanch...eg.exe
windows7-x64
7Endermanch...eg.exe
windows10-2004-x64
3Endermanch...1).exe
windows7-x64
3Endermanch...1).exe
windows10-2004-x64
3Endermanch...ld.exe
windows7-x64
3Endermanch...ld.exe
windows10-2004-x64
3Resubmissions
03-07-2024 22:59
240703-2yn7wszhlp 1003-07-2024 16:13
240703-tn93lsyglf 1003-07-2024 16:11
240703-tm84xsyfma 1010-05-2024 16:25
240510-tw1h5shh47 1024-08-2023 11:16
230824-nda8msdf8z 10Analysis
-
max time kernel
132s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
24-07-2023 06:25
Static task
static1
Behavioral task
behavioral29
Sample
Endermanch@NavaShield(1).exe
Resource
win7-20230712-en
Behavioral task
behavioral30
Sample
Endermanch@NavaShield(1).exe
Resource
win10v2004-20230703-en
General
-
Target
-
Size
1.9MB
-
MD5
cb02c0438f3f4ddabce36f8a26b0b961
-
SHA1
48c4fcb17e93b74030415996c0ec5c57b830ea53
-
SHA256
64677f7767d6e791341b2eac7b43df90d39d9bdf26d21358578d2d38037e2c32
-
SHA512
373f91981832cd9a1ff0b8744b43c7574b72971b5b6b19ea1f4665b6c878f7a1c7834ac08b92e0eca299eb4b590bf10f48a0485350a77a5f85fc3d2dd6913db3
-
SSDEEP
49152:p/VoMTzwF77l0VqmuTefhLTtk31XyXb9:ptoMTzwVmq3ettk31ob9
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
AUDIODG.EXEdescription pid Process Token: 33 1352 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1352 AUDIODG.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
pid Process 3524 [email protected] -
Suspicious use of SendNotifyMessage 1 IoCs
Processes:
pid Process 3524 [email protected]
Processes
-
C:\Users\Admin\AppData\Local\Temp\[email protected]"C:\Users\Admin\AppData\Local\Temp\[email protected]"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3524
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4a0 0x4981⤵
- Suspicious use of AdjustPrivilegeToken
PID:1352