Analysis

  • max time kernel
    1397s
  • max time network
    1160s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240214-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    20/02/2024, 10:30

General

  • Target

    Generator v1.exe

  • Size

    56.7MB

  • MD5

    99ac8ae526246d7451620c254004b8cf

  • SHA1

    a44d01482c18da96224df99d9757fb2011853791

  • SHA256

    c04fa085a23bd995f921543888257b7354e43508b690b2b1872e0986f9ae82a6

  • SHA512

    40718cbdc00d4f6bd3dfc821e76bd03ea80a7cb49464eb59d53eff2950f9a3c9f0fcd6c229aa444f5e55edbe0d8db176f0c3b9f3ecba0027b6da9ed3162ee966

  • SSDEEP

    393216:6aecA52coBwmxXNWNilGKr/DwZaGcjK0fRHPCM3iSgSBt2h2vP7o3a9CcwTWBvFN:6dyicx5VtXcuCcwTpHFvbS

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates processes with tasklist 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Generator v1.exe
    "C:\Users\Admin\AppData\Local\Temp\Generator v1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1148
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:964
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • Suspicious use of AdjustPrivilegeToken
        PID:3044

Network

MITRE ATT&CK Enterprise v15

Downloads