Analysis
-
max time kernel
94s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system -
submitted
24-02-2024 20:54
Behavioral task
behavioral1
Sample
Inject.exe
Resource
win10v2004-20240221-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
Inject.exe
-
Size
329KB
-
MD5
89cc770b6447e15e9318a55ecac1a19c
-
SHA1
1b53c2f6f11adfaea6035e2e79d1a7d043336437
-
SHA256
54d9c1b7a9d3550cad521496093a4020462c62bbf7214c8a81a9ea5f709dc87a
-
SHA512
cda1dec79bc9bf30024dd5aac5280f3083296c22531cf83ce2e7f96ecee448bff714969b484867eb76ccec07ee7d54d616f13711b3c537fd1fc669421ad50816
-
SSDEEP
6144:vloZM3fsXtioRkts/cnnK6cMl6lyiRwMS1NmOzus9x4pFb8e1moimi:NoZ1tlRk83MlXiRwMS1NmOzus9x4nKd
Malware Config
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule behavioral1/memory/4264-0-0x000001F1D8A50000-0x000001F1D8AA8000-memory.dmp family_umbral -
Suspicious use of AdjustPrivilegeToken 43 IoCs
description pid Process Token: SeDebugPrivilege 4264 Inject.exe Token: SeIncreaseQuotaPrivilege 2084 wmic.exe Token: SeSecurityPrivilege 2084 wmic.exe Token: SeTakeOwnershipPrivilege 2084 wmic.exe Token: SeLoadDriverPrivilege 2084 wmic.exe Token: SeSystemProfilePrivilege 2084 wmic.exe Token: SeSystemtimePrivilege 2084 wmic.exe Token: SeProfSingleProcessPrivilege 2084 wmic.exe Token: SeIncBasePriorityPrivilege 2084 wmic.exe Token: SeCreatePagefilePrivilege 2084 wmic.exe Token: SeBackupPrivilege 2084 wmic.exe Token: SeRestorePrivilege 2084 wmic.exe Token: SeShutdownPrivilege 2084 wmic.exe Token: SeDebugPrivilege 2084 wmic.exe Token: SeSystemEnvironmentPrivilege 2084 wmic.exe Token: SeRemoteShutdownPrivilege 2084 wmic.exe Token: SeUndockPrivilege 2084 wmic.exe Token: SeManageVolumePrivilege 2084 wmic.exe Token: 33 2084 wmic.exe Token: 34 2084 wmic.exe Token: 35 2084 wmic.exe Token: 36 2084 wmic.exe Token: SeIncreaseQuotaPrivilege 2084 wmic.exe Token: SeSecurityPrivilege 2084 wmic.exe Token: SeTakeOwnershipPrivilege 2084 wmic.exe Token: SeLoadDriverPrivilege 2084 wmic.exe Token: SeSystemProfilePrivilege 2084 wmic.exe Token: SeSystemtimePrivilege 2084 wmic.exe Token: SeProfSingleProcessPrivilege 2084 wmic.exe Token: SeIncBasePriorityPrivilege 2084 wmic.exe Token: SeCreatePagefilePrivilege 2084 wmic.exe Token: SeBackupPrivilege 2084 wmic.exe Token: SeRestorePrivilege 2084 wmic.exe Token: SeShutdownPrivilege 2084 wmic.exe Token: SeDebugPrivilege 2084 wmic.exe Token: SeSystemEnvironmentPrivilege 2084 wmic.exe Token: SeRemoteShutdownPrivilege 2084 wmic.exe Token: SeUndockPrivilege 2084 wmic.exe Token: SeManageVolumePrivilege 2084 wmic.exe Token: 33 2084 wmic.exe Token: 34 2084 wmic.exe Token: 35 2084 wmic.exe Token: 36 2084 wmic.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 4264 wrote to memory of 2084 4264 Inject.exe 87 PID 4264 wrote to memory of 2084 4264 Inject.exe 87