6aba385a7a0c893062c1cb0ebd77a7bad94887c3ff257291092826b4fe5133be

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2023 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

326ec84b8a9387be5ede2cd72477cfa6.exe
Size

383KB
MD5

326ec84b8a9387be5ede2cd72477cfa6
SHA1

16adf914582eeae496995c41a2eb1ccceb912f99
SHA256

6aba385a7a0c893062c1cb0ebd77a7bad94887c3ff257291092826b4fe5133be
SHA512

e01fd3d936563ebcb7ee954bf6719e1509f82cc637853c4e7bb58c1a679fe05e9fb4ffcc72372ade399a3a8430f8bbfadce0eedbfb8f2de8e0dc1caddfeff725
SSDEEP

6144:teERLmLLLLLLLLLCjbOsE84eBE9LmLLLLLLLLL2jbrsE84:tRblE8ibwE8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4364	326ec84b8a9387be5ede2cd72477cfa6.exe

C:\Users\Admin\AppData\Local\Temp\326ec84b8a9387be5ede2cd72477cfa6.exe
"C:\Users\Admin\AppData\Local\Temp\326ec84b8a9387be5ede2cd72477cfa6.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Flarial\Flarial.Launcher.exe

Filesize
180.8MB

MD5
00f7b7ed6d7ac2a027cb73050ba31a8b

SHA1
f95548b9238edd833baa94afc6326609d3400fa7

SHA256
bf9b203fef6e43bc37e366c445f0d74b5a1e9d183c8c07f335871655e2dc12cc

SHA512
bd22210959d97aea5287e9adba4be2ad8ee7490f58f546a474fdf99fe0e04be0b946828b05b2fde2d1facaddc89a61d1f99e7a72c2be861ebd375a074d75a6ad

Download Submit
C:\Users\Admin\AppData\Roaming\Flarial\Flarial.Minimal.exe

Filesize
108KB

MD5
5b7675ce0e9fb5054727d031d005ba0c

SHA1
01a7dd9334cdd923a200b9e8b1e66a6486a301cf

SHA256
5c9ede70e07a1bf21e1bb3a669ea8629a96162bf5ccb60cbcc209be65bbcabeb

SHA512
e78d62d2a0cf43e504110d7fabf1803191844e6fa6bcf7749a168d4cb5a681e144ec0ea292d6110a48a460f2c431b2711eb5cfea2ea2212129523dcc32d5009d

Download Submit
memory/4364-141-0x0000000005460000-0x0000000005470000-memory.dmp

Filesize
64KB

Download
memory/4364-142-0x0000000005460000-0x0000000005470000-memory.dmp

Filesize
64KB

Download
memory/4364-137-0x0000000005460000-0x0000000005470000-memory.dmp

Filesize
64KB

Download
memory/4364-138-0x00000000052E0000-0x00000000052EA000-memory.dmp

Filesize
40KB

Download
memory/4364-139-0x0000000005460000-0x0000000005470000-memory.dmp

Filesize
64KB

Download
memory/4364-140-0x0000000074ED0000-0x0000000075680000-memory.dmp

Filesize
7.7MB

Download
memory/4364-133-0x0000000074ED0000-0x0000000075680000-memory.dmp

Filesize
7.7MB

Download
memory/4364-136-0x00000000052F0000-0x0000000005382000-memory.dmp

Filesize
584KB

Download
memory/4364-144-0x0000000007F80000-0x0000000007F8A000-memory.dmp

Filesize
40KB

Download
memory/4364-145-0x0000000007FB0000-0x0000000007FC2000-memory.dmp

Filesize
72KB

Download
memory/4364-152-0x00000000085C0000-0x0000000008636000-memory.dmp

Filesize
472KB

Download
memory/4364-153-0x00000000088E0000-0x00000000088FE000-memory.dmp

Filesize
120KB

Download
memory/4364-135-0x00000000057A0000-0x0000000005D44000-memory.dmp

Filesize
5.6MB

Download
memory/4364-134-0x00000000008A0000-0x0000000000906000-memory.dmp

Filesize
408KB

Download
memory/4364-166-0x0000000074ED0000-0x0000000075680000-memory.dmp

Filesize
7.7MB

Download