Analysis
- max time kernel: 150s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05-01-2024 11:34
Behavioral task
- behavioral1
  Sample: 439442042b8f97837925b5a858b7fb3e.exe
  Resource: win7-20231215-en (windows7-x64)
  4 signatures, 150 seconds
General
- Target: 439442042b8f97837925b5a858b7fb3e.exe
- Size: 213KB
- MD5: 439442042b8f97837925b5a858b7fb3e
- SHA1: 0a524b97d4e1e1b0407a1348c154877964470de2
- SHA256: f27893a397e299561cd5aae7d4598aa2623fedb3155f6003c111126599887bb4
- SHA512: fd0297f321b3b35a9eabd0dda667fe65ff07a800baf9109c1aeb3443ee210bb22b4c6e9ff5106ff4b720f51138e0240a8a9baf176053954c6c6715a0ac10d525
- SSDEEP: 6144:FOmaqXgRvpbQda7JumO8U7UFyiEf4DFXXfARSLZVn:FpQnJuJh7UFIf4RLZ
Malware Config
Signatures
- Poullight Stealer payload (1 IoCs)
  Processes:
    resource                                                                    yara_rule
    behavioral2/memory/3764-0-0x00000237B27D0000-0x00000237B280C000-memory.dmp  family_poullight
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
    pid   process
    3764  439442042b8f97837925b5a858b7fb3e.exe
    3764  439442042b8f97837925b5a858b7fb3e.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
    description              pid   process
    Token: SeDebugPrivilege  3764  439442042b8f97837925b5a858b7fb3e.exe
Downloads
- memory/3764-0-0x00000237B27D0000-0x00000237B280C000-memory.dmp (Filesize: 240KB)
- memory/3764-2-0x00000237CCC80000-0x00000237CCC90000-memory.dmp (Filesize: 64KB)
- memory/3764-1-0x00007FFAE3BE0000-0x00007FFAE46A1000-memory.dmp (Filesize: 10.8MB)
- memory/3764-3-0x00000237CCEA0000-0x00000237CCEAA000-memory.dmp (Filesize: 40KB)
- memory/3764-8-0x00007FFAE3BE0000-0x00007FFAE46A1000-memory.dmp (Filesize: 10.8MB)
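The dump names in the Downloads list encode the process id, a dump index and the start and end address of the captured region, so the address range in each name should agree with the listed Filesize, and two dumps can share one range (here indices 1 and 8 both cover 0x00007FFAE3BE0000-0x00007FFAE46A1000). The following Python is an added example, not part of the Triage report: it parses the names copied from this page, recomputes each region's size in binary units with the report's rounding, flags any name whose computed size disagrees with the listed one, and lists address ranges that were dumped more than once. The MemRegion class and the helper names are my own.

```python
import re
from dataclasses import dataclass

# Triage-style dump name: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)

# Names and Filesize values copied from the Downloads section of this report.
REPORTED = [
    ("memory/3764-0-0x00000237B27D0000-0x00000237B280C000-memory.dmp", "240KB"),
    ("memory/3764-2-0x00000237CCC80000-0x00000237CCC90000-memory.dmp", "64KB"),
    ("memory/3764-1-0x00007FFAE3BE0000-0x00007FFAE46A1000-memory.dmp", "10.8MB"),
    ("memory/3764-3-0x00000237CCEA0000-0x00000237CCEAA000-memory.dmp", "40KB"),
    ("memory/3764-8-0x00007FFAE3BE0000-0x00007FFAE46A1000-memory.dmp", "10.8MB"),
]


@dataclass(frozen=True)
class MemRegion:
    """One dumped region: pid, dump index and [start, end) virtual address range."""
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    def human(self) -> str:
        # Same rendering the report uses: whole KiB below 1 MiB, else one-decimal MiB.
        if self.size < 1024 * 1024:
            return f"{self.size // 1024}KB"
        return f"{self.size / (1024 * 1024):.1f}MB"


def parse_dump_name(name: str) -> MemRegion:
    """Parse a Triage memory dump file name into a MemRegion, rejecting malformed ranges."""
    m = DUMP_RE.fullmatch(name)
    if not m:
        raise ValueError(f"not a Triage memory dump name: {name}")
    region = MemRegion(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))
    if region.end <= region.start:
        raise ValueError(f"end address is not above start address in {name}")
    return region


def check_report(entries):
    """Return (name, computed_size, reported_size, agrees) for every dump name."""
    results = []
    for name, reported in entries:
        region = parse_dump_name(name)
        results.append((name, region.human(), reported, region.human() == reported))
    return results


def duplicate_ranges(entries):
    """Address ranges captured by more than one dump, with the dump indices that share them."""
    by_range = {}
    for name, _ in entries:
        region = parse_dump_name(name)
        by_range.setdefault((region.start, region.end), []).append(region.index)
    return sorted((s, e, sorted(idx)) for (s, e), idx in by_range.items() if len(idx) > 1)


if __name__ == "__main__":
    for name, computed, reported, ok in check_report(REPORTED):
        print(f"{'OK ' if ok else 'BAD'} {name}: computed {computed}, reported {reported}")
    for start, end, indices in duplicate_ranges(REPORTED):
        print(f"range {start:#018x}-{end:#018x} dumped {len(indices)} times (indices {indices})")
```

Running it confirms all five sizes agree with the report and that only the 10.8MB range appears twice; when the same process-local range is dumped at two points in the run, comparing the two files shows whether the region was rewritten in between.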