Resubmissions
11-12-2023 15:39  231211-s3p6bacbh4  7
10-12-2023 15:26  231210-st8w3afacp  7
09-12-2023 14:29  231209-rt1p1sghcj  7
09-12-2023 11:42  231209-nvdebshff5  10
08-12-2023 15:15  231208-smy4aaccf9  10
05-12-2023 15:49  231205-s9fkfsce49  10
05-12-2023 04:28  231205-e34f2shb9w  10
Analysis
max time kernel: 62s
max time network: 62s
platform: windows10-2004_x64
resource: win10v2004-20231127-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231127-en locale:en-us os:windows10-2004-x64 system
submitted: 10-12-2023 15:26
Static task
static1
Behavioral task
behavioral1
Sample
dac.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
dac.exe
Resource
win10-20231129-en
Behavioral task
behavioral3
Sample
dac.exe
Resource
win10v2004-20231127-en
Behavioral task
behavioral4
Sample
dac.exe
Resource
win11-20231129-en
General
Target: dac.exe
Size: 22.6MB
MD5: 111983bd0209f1541e9d1ee618be1c45
SHA1: cf15e95ad616bbf3b806b0f6b7290cc14c6b557e
SHA256: af582ce1d3bbc2d9201c81a058203e96f81087433b80ddd85f8eb1a66faa8d31
SHA512: 6c1e810557acffc3c10213aa663b7527f4808b418e80c3c5610a5489994138236457aad1ffd28861b912add0aaa66053a4cdac2b3a47167d075f8e9b2d592511
SSDEEP: 393216:oHqEnUyriULZiXg6LPmmG3z7z/wQ74cZd060stbgB7OrowyVm9fC8:fXyriULZikmG3zP/p748d0LsqB7uyI48
Malware Config
Signatures
-
Processes:
resource                                                                    yara_rule
behavioral3/memory/3940-0-0x0000000180000000-0x0000000180033000-memory.dmp   upx
behavioral3/memory/3940-2-0x0000000180000000-0x0000000180033000-memory.dmp   upx
behavioral3/memory/3940-3-0x0000000180000000-0x0000000180033000-memory.dmp   upx
behavioral3/memory/3940-5-0x0000000180000000-0x0000000180033000-memory.dmp   upx
behavioral3/memory/3940-4-0x0000000180000000-0x0000000180033000-memory.dmp   upx
behavioral3/memory/3940-1-0x0000000180000000-0x0000000180033000-memory.dmp   upx
behavioral3/memory/3940-12-0x0000000180000000-0x0000000180033000-memory.dmp  upx
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
dac.exe
description                 pid   process
Token: SeShutdownPrivilege  3940  dac.exe
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
dac.exe
pid   process
3940  dac.exe
3940  dac.exe