Overview

overview

10

Static

static

10

Rebel Inc ...er.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    18s
  • max time network
    28s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-de
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-delocale:de-deos:windows10-2004-x64systemwindows
  • submitted
    28-07-2023 19:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rebel Inc Escalation v1.0 Plus 9 Trainer.exe

  • Size

    1.3MB

  • MD5

    f1e2117614950aba73934a5c7b9a8dd2

  • SHA1

    a4204923b35d864e0b178f1e9e08b65b033b0460

  • SHA256

    8f37bd1b796e2d29fa2fdb2aea3f768e631cab7d2c2a070cebe58eb69f4fa778

  • SHA512

    6fec085daf4bb682e5704bd11a9d935206844c9a62cb5265aec824fe5654226ce384c94ae966f9b4d84256d85aa960f7543adff755092f836b0affad80e44591

  • SSDEEP

    24576:h4PuJonuX0hltesZspV/hbbJ74A9eDSbYPm:h4ionc0TMlxV779+P

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Rebel Inc Escalation v1.0 Plus 9 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\Rebel Inc Escalation v1.0 Plus 9 Trainer.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2488-133-0x00007FFB5C010000-0x00007FFB5CAD1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2488-134-0x000001DCA4D10000-0x000001DCA4D20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-135-0x000001DCA4D10000-0x000001DCA4D20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-136-0x000001DCA4D10000-0x000001DCA4D20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-137-0x000001DCA4D10000-0x000001DCA4D20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-138-0x000001DCA4D10000-0x000001DCA4D20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-139-0x000001DCA4D10000-0x000001DCA4D20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-140-0x000001DCA79E0000-0x000001DCA7AE4000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2488-150-0x00007FFB5C010000-0x00007FFB5CAD1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2488-151-0x000001DCA4D10000-0x000001DCA4D20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-152-0x000001DCA4D10000-0x000001DCA4D20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-153-0x000001DCA4D10000-0x000001DCA4D20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-154-0x000001DCA4D10000-0x000001DCA4D20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-155-0x000001DCA4D10000-0x000001DCA4D20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-156-0x000001DCA4D10000-0x000001DCA4D20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2488-160-0x00007FFB5C010000-0x00007FFB5CAD1000-memory.dmp

    Filesize

    10.8MB

    Download