afea8e29447ebe85480428e2ad947457d515968694dcb5d721886ad1d5945459

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10-10-2023 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ucaai.exe
Size

590KB
MD5

a3128c8b67fd08ae19dd966bef878cb4
SHA1

8e636f183d7185b23f9894bad847d1ada4561252
SHA256

afea8e29447ebe85480428e2ad947457d515968694dcb5d721886ad1d5945459
SHA512

caf3e8071c53c0838514110658a36deff6f90a205b941010537a95f8650181a16ca9c1776e2593bce52cea440fa7348937ff928e28b8553bb0f00201403a8fc5
SSDEEP

12288:4ES8ryazt80P6Etvu/2oALepFUAPU5bJb+a2HbTFDBWELTpKHf:4UJnLepFUAPU59bObTNL/YHf

Score

6^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Ucaai.exe

description pid process

Token: SeDebugPrivilege 1288 Ucaai.exe

description	pid	process
Token: SeDebugPrivilege	1288	Ucaai.exe

C:\Users\Admin\AppData\Local\Temp\Ucaai.exe
"C:\Users\Admin\AppData\Local\Temp\Ucaai.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1288-0-0x00000000001B0000-0x0000000000248000-memory.dmp

Filesize
608KB

Download
memory/1288-1-0x000007FEF5F90000-0x000007FEF697C000-memory.dmp

Filesize
9.9MB

Download
memory/1288-2-0x0000000000250000-0x00000000002D0000-memory.dmp

Filesize
512KB

Download
memory/1288-3-0x0000000000150000-0x000000000015A000-memory.dmp

Filesize
40KB

Download
memory/1288-4-0x000007FEF5F90000-0x000007FEF697C000-memory.dmp

Filesize
9.9MB

Download
memory/1288-5-0x0000000000250000-0x00000000002D0000-memory.dmp

Filesize
512KB

Download