37beb1f79fe1dd0f5891b5bce0a28acfb79e6387c345e7344b5a7e4e699425f2

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2023 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Valyse Launcher (1).exe
Size

2.7MB
MD5

54e7d55bb6fc73c1c7fd851d260d0101
SHA1

efa88fd00510cfbf1226386114df07142ed1569d
SHA256

37beb1f79fe1dd0f5891b5bce0a28acfb79e6387c345e7344b5a7e4e699425f2
SHA512

c97bc25478b6361a300a75907597a2e4cc1ac2c9e460c43fcc186486da39872584594de65a3a4f0cbd23d097b74a6e323759b1af95fffd6aa9db8e3bcab4733d
SSDEEP

49152:4In+z8/YZ1SumIQMRiHNjS+fdKZiuubngyRiDDUXBzJHqBwbxVD:4h5Z1uI7MXgMi3sH3

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
4636	Valyse Launcher (1).exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4636	Valyse Launcher (1).exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 3404	1052	cmd.exe	98
PID 1052 wrote to memory of 3404	1052	cmd.exe	98
PID 1052 wrote to memory of 3404	1052	cmd.exe	98
PID 1052 wrote to memory of 4192	1052	cmd.exe	99
PID 1052 wrote to memory of 4192	1052	cmd.exe	99
PID 1052 wrote to memory of 4192	1052	cmd.exe	99

C:\Users\Admin\AppData\Local\Temp\Valyse Launcher (1).exe
"C:\Users\Admin\AppData\Local\Temp\Valyse Launcher (1).exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4636

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Users\Admin\AppData\Local\Temp\Valyse Launcher (1).exe
  "Valyse Launcher (1).exe"
  2⤵
  PID:3404
- C:\Users\Admin\AppData\Local\Temp\Valyse Launcher (1).exe
  "Valyse Launcher (1).exe"
  2⤵
  PID:4192
- C:\Users\Admin\AppData\Local\Temp\Valyse Launcher (1).exe
  "Valyse Launcher (1).exe"
  2⤵
  PID:1700
- C:\Users\Admin\AppData\Local\Temp\Valyse Launcher (1).exe
  "Valyse Launcher (1).exe"
  2⤵
  PID:3632
- C:\Users\Admin\AppData\Local\Temp\Valyse Launcher (1).exe
  "Valyse Launcher (1).exe"
  2⤵
  PID:2624
- C:\Users\Admin\AppData\Local\Temp\Valyse Launcher (1).exe
  "Valyse Launcher (1).exe"
  2⤵
  PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1700-14-0x0000000005AD0000-0x0000000005AE0000-memory.dmp

Filesize
64KB

Download
memory/1700-13-0x0000000074DF0000-0x00000000755A0000-memory.dmp

Filesize
7.7MB

Download
memory/2624-18-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/2624-16-0x0000000074DF0000-0x00000000755A0000-memory.dmp

Filesize
7.7MB

Download
memory/3404-10-0x0000000005800000-0x0000000005810000-memory.dmp

Filesize
64KB

Download
memory/3404-19-0x0000000005800000-0x0000000005810000-memory.dmp

Filesize
64KB

Download
memory/3404-17-0x0000000005800000-0x0000000005810000-memory.dmp

Filesize
64KB

Download
memory/3404-9-0x0000000074DF0000-0x00000000755A0000-memory.dmp

Filesize
7.7MB

Download
memory/3632-20-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/3632-12-0x0000000074DF0000-0x00000000755A0000-memory.dmp

Filesize
7.7MB

Download
memory/4192-15-0x0000000002C40000-0x0000000002C50000-memory.dmp

Filesize
64KB

Download
memory/4192-11-0x0000000074DF0000-0x00000000755A0000-memory.dmp

Filesize
7.7MB

Download
memory/4636-8-0x0000000074DF0000-0x00000000755A0000-memory.dmp

Filesize
7.7MB

Download
memory/4636-7-0x0000000005320000-0x0000000005330000-memory.dmp

Filesize
64KB

Download
memory/4636-6-0x0000000074DF0000-0x00000000755A0000-memory.dmp

Filesize
7.7MB

Download
memory/4636-1-0x0000000074DF0000-0x00000000755A0000-memory.dmp

Filesize
7.7MB

Download
memory/4636-5-0x000000000A0D0000-0x000000000A0DE000-memory.dmp

Filesize
56KB

Download
memory/4636-4-0x000000000A100000-0x000000000A138000-memory.dmp

Filesize
224KB

Download
memory/4636-3-0x0000000005320000-0x0000000005330000-memory.dmp

Filesize
64KB

Download
memory/4636-2-0x0000000005320000-0x0000000005330000-memory.dmp

Filesize
64KB

Download
memory/4636-0-0x0000000000560000-0x0000000000822000-memory.dmp

Filesize
2.8MB

Download