Analysis
max time kernel: 142s
max time network: 105s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-01-2024 11:54

Behavioral task: behavioral1
Sample: 439442042b8f97837925b5a858b7fb3e.exe
Resource: win7-20231215-en
4 signatures, 150 seconds
General
Target: 439442042b8f97837925b5a858b7fb3e.exe
Size: 213KB
MD5: 439442042b8f97837925b5a858b7fb3e
SHA1: 0a524b97d4e1e1b0407a1348c154877964470de2
SHA256: f27893a397e299561cd5aae7d4598aa2623fedb3155f6003c111126599887bb4
SHA512: fd0297f321b3b35a9eabd0dda667fe65ff07a800baf9109c1aeb3443ee210bb22b4c6e9ff5106ff4b720f51138e0240a8a9baf176053954c6c6715a0ac10d525
SSDEEP: 6144:FOmaqXgRvpbQda7JumO8U7UFyiEf4DFXXfARSLZVn:FpQnJuJh7UFIf4RLZ
Malware Config
Signatures
Poullight Stealer payload (1 IoC)
Processes:
  resource: behavioral2/memory/2564-0-0x0000029AE6810000-0x0000029AE684C000-memory.dmp
  yara_rule: family_poullight

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid 2564, process 439442042b8f97837925b5a858b7fb3e.exe
  pid 2564, process 439442042b8f97837925b5a858b7fb3e.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description: Token: SeDebugPrivilege
  pid 2564, process 439442042b8f97837925b5a858b7fb3e.exe
Downloads
memory/2564-0-0x0000029AE6810000-0x0000029AE684C000-memory.dmp (filesize: 240KB)
memory/2564-1-0x00007FF9F9440000-0x00007FF9F9F01000-memory.dmp (filesize: 10.8MB)
memory/2564-2-0x0000029AE8D20000-0x0000029AE8D30000-memory.dmp (filesize: 64KB)
memory/2564-3-0x0000029AE8E60000-0x0000029AE8E6A000-memory.dmp (filesize: 40KB)
memory/2564-8-0x00007FF9F9440000-0x00007FF9F9F01000-memory.dmp (filesize: 10.8MB)