37742cddc612534d83f1007a2525597e5373ab439bc65cabf7db3c2b218c242d

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 14:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

PBDownForce/PBDownForce.exe
Size

2.1MB
MD5

d8f05faf3075dcff55593d1a6b757c1d
SHA1

cd6f6fcb13c399786afed45c28edb8934875d90b
SHA256

e0b916612d2c68dfcf7bebd04db8ba74e3cf3c194db608fa93600301029d0ac4
SHA512

1c503515206158b54f8cf7945b4509cb5de9b85a42939a526553a81f20e2da7544d4b2c76f6e8d1732d7bda22749a4bbc83e1d50b70e303eaf059ba0a637b160
SSDEEP

49152:n7uvceJqSDE7vBfQi65GP841jNs7tNQxTgmstn5FeG:niJqSo9Qi65eNwNQxTgm+5cG

Score

1^/10

Malware Config

Signatures

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	1828	PBDownForce.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1828	PBDownForce.exe
1828	PBDownForce.exe

C:\Users\Admin\AppData\Local\Temp\PBDownForce\PBDownForce.exe
"C:\Users\Admin\AppData\Local\Temp\PBDownForce\PBDownForce.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1828-0-0x0000000000400000-0x00000000007BB000-memory.dmp

Filesize
3.7MB

Download
memory/1828-2-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/1828-4-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/1828-11-0x0000000003650000-0x0000000003654000-memory.dmp

Filesize
16KB

Download
memory/1828-53-0x00000000036F0000-0x00000000036F1000-memory.dmp

Filesize
4KB

Download
memory/1828-63-0x0000000003890000-0x0000000003891000-memory.dmp

Filesize
4KB

Download
memory/1828-62-0x0000000003720000-0x0000000003721000-memory.dmp

Filesize
4KB

Download
memory/1828-61-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/1828-60-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/1828-59-0x0000000003830000-0x0000000003831000-memory.dmp

Filesize
4KB

Download
memory/1828-58-0x0000000003840000-0x0000000003841000-memory.dmp

Filesize
4KB

Download
memory/1828-57-0x0000000003810000-0x0000000003811000-memory.dmp

Filesize
4KB

Download
memory/1828-56-0x0000000003820000-0x0000000003821000-memory.dmp

Filesize
4KB

Download
memory/1828-55-0x00000000037F0000-0x00000000037F1000-memory.dmp

Filesize
4KB

Download
memory/1828-54-0x0000000003800000-0x0000000003801000-memory.dmp

Filesize
4KB

Download
memory/1828-52-0x00000000036E0000-0x00000000036E1000-memory.dmp

Filesize
4KB

Download
memory/1828-51-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/1828-50-0x00000000037D0000-0x00000000037D1000-memory.dmp

Filesize
4KB

Download
memory/1828-49-0x00000000037E0000-0x00000000037E1000-memory.dmp

Filesize
4KB

Download
memory/1828-48-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download
memory/1828-47-0x00000000037C0000-0x00000000037C1000-memory.dmp

Filesize
4KB

Download
memory/1828-46-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/1828-45-0x00000000037A0000-0x00000000037A1000-memory.dmp

Filesize
4KB

Download
memory/1828-44-0x0000000003770000-0x0000000003771000-memory.dmp

Filesize
4KB

Download
memory/1828-43-0x0000000003780000-0x0000000003781000-memory.dmp

Filesize
4KB

Download
memory/1828-42-0x0000000003750000-0x0000000003751000-memory.dmp

Filesize
4KB

Download
memory/1828-41-0x0000000003760000-0x0000000003761000-memory.dmp

Filesize
4KB

Download
memory/1828-40-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/1828-39-0x0000000003740000-0x0000000003741000-memory.dmp

Filesize
4KB

Download
memory/1828-38-0x0000000003680000-0x0000000003681000-memory.dmp

Filesize
4KB

Download
memory/1828-37-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/1828-36-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/1828-35-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/1828-34-0x0000000002870000-0x0000000002871000-memory.dmp

Filesize
4KB

Download
memory/1828-33-0x0000000002700000-0x0000000002701000-memory.dmp

Filesize
4KB

Download
memory/1828-32-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/1828-31-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/1828-30-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/1828-29-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/1828-28-0x0000000003700000-0x0000000003702000-memory.dmp

Filesize
8KB

Download
memory/1828-27-0x00000000036D0000-0x00000000036D1000-memory.dmp

Filesize
4KB

Download
memory/1828-26-0x00000000036A0000-0x00000000036A1000-memory.dmp

Filesize
4KB

Download
memory/1828-25-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/1828-24-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/1828-23-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/1828-22-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/1828-21-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/1828-20-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/1828-19-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/1828-18-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/1828-17-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1828-16-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/1828-15-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/1828-14-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/1828-13-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/1828-12-0x00000000026B0000-0x00000000026B1000-memory.dmp

Filesize
4KB

Download
memory/1828-10-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/1828-9-0x0000000003660000-0x0000000003661000-memory.dmp

Filesize
4KB

Download
memory/1828-8-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/1828-7-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/1828-6-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download
memory/1828-5-0x0000000000970000-0x0000000000971000-memory.dmp

Filesize
4KB

Download
memory/1828-3-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/1828-1-0x0000000002480000-0x00000000024D4000-memory.dmp

Filesize
336KB

Download
memory/1828-77-0x0000000000400000-0x00000000007BB000-memory.dmp

Filesize
3.7MB

Download
memory/1828-78-0x0000000000400000-0x00000000007BB000-memory.dmp

Filesize
3.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads