c3c090b5f4897bc7cb19e493b0bc528ce4ecbac8a6223c46aa3dc28a15f7f8ea

Analysis

max time kernel
60s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2023 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hades v1.0-v1.38 Plus 15 Trainer x64.exe
Size

1.4MB
MD5

d6af8282fe43619a2854dcbb062e5fc5
SHA1

fa2f9972ef8fd64cdbce1764f5846aed1e644973
SHA256

41ce8c8837bc90a3097417346b5e96616a73b34cd00b1d79d90cb9bdeb29c83f
SHA512

db84040f8ee47bc14b00b1690471a1445e09633252894a31116e24b5061450dee687b47e164bdd58f019edaa2b8e233017829b5260d2e0ce7724910f63ba8734
SSDEEP

24576:N9/QSW61N8Lqpgz7R0Ahn5nRQfbJ7MiYPDS/:OeyepURPh5nRQfV7

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe
2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2736	Hades v1.0-v1.38 Plus 15 Trainer x64.exe

C:\Users\Admin\AppData\Local\Temp\Hades v1.0-v1.38 Plus 15 Trainer x64.exe
"C:\Users\Admin\AppData\Local\Temp\Hades v1.0-v1.38 Plus 15 Trainer x64.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2736-0-0x0000022DE4370000-0x0000022DE43A2000-memory.dmp

Filesize
200KB

Download
memory/2736-1-0x00007FF9C76B0000-0x00007FF9C8171000-memory.dmp

Filesize
10.8MB

Download
memory/2736-2-0x0000022DFCD30000-0x0000022DFCD40000-memory.dmp

Filesize
64KB

Download
memory/2736-3-0x0000022DFCD30000-0x0000022DFCD40000-memory.dmp

Filesize
64KB

Download
memory/2736-4-0x0000022DFCD30000-0x0000022DFCD40000-memory.dmp

Filesize
64KB

Download
memory/2736-5-0x0000022DFCD30000-0x0000022DFCD40000-memory.dmp

Filesize
64KB

Download
memory/2736-6-0x0000022DFCD30000-0x0000022DFCD40000-memory.dmp

Filesize
64KB

Download
memory/2736-16-0x00007FF9C76B0000-0x00007FF9C8171000-memory.dmp

Filesize
10.8MB

Download
memory/2736-17-0x0000022DFCD30000-0x0000022DFCD40000-memory.dmp

Filesize
64KB

Download
memory/2736-18-0x0000022DFCD30000-0x0000022DFCD40000-memory.dmp

Filesize
64KB

Download
memory/2736-19-0x0000022DFCD30000-0x0000022DFCD40000-memory.dmp

Filesize
64KB

Download
memory/2736-20-0x0000022DFCD30000-0x0000022DFCD40000-memory.dmp

Filesize
64KB

Download
memory/2736-21-0x0000022DFCD30000-0x0000022DFCD40000-memory.dmp

Filesize
64KB

Download
memory/2736-25-0x00007FF9C76B0000-0x00007FF9C8171000-memory.dmp

Filesize
10.8MB

Download