Analysis
max time kernel: 118s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 05-01-2024 11:34

Behavioral task: behavioral1
Sample: 439442042b8f97837925b5a858b7fb3e.exe
Resource: win7-20231215-en
Signatures: 4
Run time: 150 seconds
General
Target: 439442042b8f97837925b5a858b7fb3e.exe
Size: 213KB
MD5: 439442042b8f97837925b5a858b7fb3e
SHA1: 0a524b97d4e1e1b0407a1348c154877964470de2
SHA256: f27893a397e299561cd5aae7d4598aa2623fedb3155f6003c111126599887bb4
SHA512: fd0297f321b3b35a9eabd0dda667fe65ff07a800baf9109c1aeb3443ee210bb22b4c6e9ff5106ff4b720f51138e0240a8a9baf176053954c6c6715a0ac10d525
SSDEEP: 6144:FOmaqXgRvpbQda7JumO8U7UFyiEf4DFXXfARSLZVn:FpQnJuJh7UFIf4RLZ
Malware Config
Signatures

Poullight Stealer payload (1 IoC)
  resource: behavioral1/memory/3000-0-0x00000000000C0000-0x00000000000FC000-memory.dmp
  yara_rule: family_poullight

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 3000, process 439442042b8f97837925b5a858b7fb3e.exe
  pid 3000, process 439442042b8f97837925b5a858b7fb3e.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege
  pid 3000, process 439442042b8f97837925b5a858b7fb3e.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/3000-0-0x00000000000C0000-0x00000000000FC000-memory.dmp (filesize 240KB)
memory/3000-1-0x000007FEF51D0000-0x000007FEF5BBC000-memory.dmp (filesize 9.9MB)
memory/3000-2-0x000000001AB40000-0x000000001ABC0000-memory.dmp (filesize 512KB)
memory/3000-7-0x000007FEF51D0000-0x000007FEF5BBC000-memory.dmp (filesize 9.9MB)