Overview

overview

10

Static

static

3

1a20021098...a6.exe

windows7-x64

10

1a20021098...a6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    21-12-2023 22:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a200210984823b64eb5a2e6755788a6.exe

  • Size

    756KB

  • MD5

    1a200210984823b64eb5a2e6755788a6

  • SHA1

    476542bb2a5305f712fb6ac58ca108e5092719ee

  • SHA256

    67baa0a5363ffc4e8d1d911e511a20311daace6c34288c239ba80ab4581bc711

  • SHA512

    4b9d06db2847d8ac64f267f9606c63ef6b4a2b5ae34bef85f3fefed07bd745e782fbe0022981e2b7c68378ee41b8ed6421a20ce57da74d57944a9656dbd43f0e

  • SSDEEP

    12288:wh1Lk70Tnvjc+tfHqf2ngLtsyikzTyNzHDKtnzIpA4Pz8sN/i85/rzfzrKvqmvvS:Mk70Trc+pKf2gL3lT2wzIpBPzHpjXrKQ

Score
10/10
ploutusatmbackdoor

Malware Config

Signatures

  • Detected Ploutus loader 34 IoCs
  • Ploutus

    Ploutus is an ATM malware written in C#.

    backdooratmploutus
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a200210984823b64eb5a2e6755788a6.exe
    "C:\Users\Admin\AppData\Local\Temp\1a200210984823b64eb5a2e6755788a6.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2516-0-0x0000000074BF0000-0x00000000752DE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2516-1-0x0000000004BF0000-0x0000000004C30000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2516-2-0x0000000004A90000-0x0000000004B80000-memory.dmp
    Filesize

    960KB

    Download
  • memory/2516-3-0x0000000004BF0000-0x0000000004C30000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2516-4-0x0000000002590000-0x000000000267E000-memory.dmp
    Filesize

    952KB

    Download
  • memory/2516-5-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-10-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-8-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-16-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-18-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-20-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-22-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-28-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-30-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-32-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-34-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-26-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-24-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-36-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-14-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-12-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-38-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-6-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-40-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-44-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-48-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-50-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-52-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-54-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-62-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-66-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-68-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-64-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-60-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-58-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-56-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-46-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-42-0x0000000002590000-0x0000000002678000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2516-1051-0x0000000004BF0000-0x0000000004C30000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2516-1052-0x0000000002010000-0x0000000002011000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2516-1053-0x0000000074BF0000-0x00000000752DE000-memory.dmp
    Filesize

    6.9MB

    Download