Overview

overview

10

Static

static

3

1a20021098...a6.exe

windows7-x64

10

1a20021098...a6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-12-2023 22:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a200210984823b64eb5a2e6755788a6.exe

  • Size

    756KB

  • MD5

    1a200210984823b64eb5a2e6755788a6

  • SHA1

    476542bb2a5305f712fb6ac58ca108e5092719ee

  • SHA256

    67baa0a5363ffc4e8d1d911e511a20311daace6c34288c239ba80ab4581bc711

  • SHA512

    4b9d06db2847d8ac64f267f9606c63ef6b4a2b5ae34bef85f3fefed07bd745e782fbe0022981e2b7c68378ee41b8ed6421a20ce57da74d57944a9656dbd43f0e

  • SSDEEP

    12288:wh1Lk70Tnvjc+tfHqf2ngLtsyikzTyNzHDKtnzIpA4Pz8sN/i85/rzfzrKvqmvvS:Mk70Trc+pKf2gL3lT2wzIpBPzHpjXrKQ

Score
10/10
ploutusatmbackdoor

Malware Config

Signatures

  • Detected Ploutus loader 34 IoCs
  • Ploutus

    Ploutus is an ATM malware written in C#.

    backdooratmploutus
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a200210984823b64eb5a2e6755788a6.exe
    "C:\Users\Admin\AppData\Local\Temp\1a200210984823b64eb5a2e6755788a6.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3520-0-0x00000000749C0000-0x0000000075170000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3520-1-0x00000000024A0000-0x00000000024B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3520-2-0x0000000004EC0000-0x0000000004FB0000-memory.dmp

    Filesize

    960KB

    Download

  • memory/3520-3-0x0000000004DC0000-0x0000000004EAE000-memory.dmp

    Filesize

    952KB

    Download

  • memory/3520-4-0x0000000004FB0000-0x0000000005554000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3520-5-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-14-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-20-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-24-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-28-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-30-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-34-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-36-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-40-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-44-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-48-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-50-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-52-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-58-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-60-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-64-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-68-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-66-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-62-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-56-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-54-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-46-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-42-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-38-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-32-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-26-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-22-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-18-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-16-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-12-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-10-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-8-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-6-0x0000000004DC0000-0x0000000004EA8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3520-1054-0x00000000749C0000-0x0000000075170000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3520-1052-0x00000000026B0000-0x00000000026B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-1051-0x00000000024A0000-0x00000000024B0000-memory.dmp

    Filesize

    64KB

    Download