Analysis

max time kernel: 141s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-08-2023 21:01
Behavioral task: behavioral1
Sample: 9362bf6ffd3956f58e67f0c0e6d6ae4818384c29039400051cfb6b8ff1717c96.exe
Resource: win7-20230712-en (windows7-x64)
4 signatures
150 seconds
General

Target: 9362bf6ffd3956f58e67f0c0e6d6ae4818384c29039400051cfb6b8ff1717c96.exe
Size: 4.5MB
MD5: f8fa39cf33a4769e59de95c54089904f
SHA1: f89ab47216e43e7deb1e639324e360d18c671090
SHA256: 9362bf6ffd3956f58e67f0c0e6d6ae4818384c29039400051cfb6b8ff1717c96
SHA512: 46ab9bc7ff697fdf4c5ba9148df07ac7d290f82658acc37acc7e2cbfef6eefe03a155ea51959f984dbe1fc87f3bc6250d272f05d3fc31cbb54c982477e03fd9e
SSDEEP: 98304:50aXoeSvJGvXMvURUC4lo2ywdwkKVHiJvQ/G0Jd7nxfFPK0NvRtB:ivJgXYUaCYoxwdw5VH8vQ/9Jd7nxfFPh
Malware Config

Signatures

Processes:
resource                                                                      yara_rule
behavioral2/memory/2120-137-0x0000000000400000-0x00000000005B5000-memory.dmp  purplefox_rootkit
behavioral2/memory/2120-138-0x0000000010000000-0x00000000101B0000-memory.dmp  purplefox_rootkit
behavioral2/memory/2120-155-0x0000000000400000-0x00000000005B5000-memory.dmp  purplefox_rootkit

Processes:
resource                                                                      yara_rule
behavioral2/memory/2120-133-0x0000000000400000-0x00000000005B5000-memory.dmp  upx
behavioral2/memory/2120-134-0x0000000000400000-0x00000000005B5000-memory.dmp  upx
behavioral2/memory/2120-136-0x0000000000400000-0x00000000005B5000-memory.dmp  upx
behavioral2/memory/2120-137-0x0000000000400000-0x00000000005B5000-memory.dmp  upx
behavioral2/memory/2120-155-0x0000000000400000-0x00000000005B5000-memory.dmp  upx

Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
description                        pid   process
Token: 33                          2120  9362bf6ffd3956f58e67f0c0e6d6ae4818384c29039400051cfb6b8ff1717c96.exe
Token: SeIncBasePriorityPrivilege  2120  9362bf6ffd3956f58e67f0c0e6d6ae4818384c29039400051cfb6b8ff1717c96.exe
Token: 33                          2120  9362bf6ffd3956f58e67f0c0e6d6ae4818384c29039400051cfb6b8ff1717c96.exe
Token: SeIncBasePriorityPrivilege  2120  9362bf6ffd3956f58e67f0c0e6d6ae4818384c29039400051cfb6b8ff1717c96.exe
Downloads
memory/2120-133-0x0000000000400000-0x00000000005B5000-memory.dmp  Filesize: 1.7MB
memory/2120-134-0x0000000000400000-0x00000000005B5000-memory.dmp  Filesize: 1.7MB
memory/2120-136-0x0000000000400000-0x00000000005B5000-memory.dmp  Filesize: 1.7MB
memory/2120-137-0x0000000000400000-0x00000000005B5000-memory.dmp  Filesize: 1.7MB
memory/2120-138-0x0000000010000000-0x00000000101B0000-memory.dmp  Filesize: 1.7MB
memory/2120-155-0x0000000000400000-0x00000000005B5000-memory.dmp  Filesize: 1.7MB