e598eb216ecf0030b1548718b69f9dcfe1ab0de429730db9f5a61c6b714362da

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 13:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

abfb0a0fd494f3cd42ea47dd486aa4d4.exe
Size

35KB
MD5

abfb0a0fd494f3cd42ea47dd486aa4d4
SHA1

b5af4a87f6795bbc0a54fbc79aab544931f350a1
SHA256

e598eb216ecf0030b1548718b69f9dcfe1ab0de429730db9f5a61c6b714362da
SHA512

b5f19e895b316aca4db7e98c272961b75a9046d9e0a3f1d9d040928d1c92fceaae474c7b60efbf6a964828ebba0f78542d967c5b7698ddb81756db6655f8a352
SSDEEP

384:RYdMYEKqM2SDnUHPxhs9cxX5ubKSUUUUUUUUMQr6LWRLJLf4Qv6v3DJfbQ6S8i8O:ReMYL2anUvx/xpuGQRDv6vhN

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2304	abfb0a0fd494f3cd42ea47dd486aa4d4.exe
2304	abfb0a0fd494f3cd42ea47dd486aa4d4.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2304	abfb0a0fd494f3cd42ea47dd486aa4d4.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2304	abfb0a0fd494f3cd42ea47dd486aa4d4.exe
2304	abfb0a0fd494f3cd42ea47dd486aa4d4.exe

C:\Users\Admin\AppData\Local\Temp\abfb0a0fd494f3cd42ea47dd486aa4d4.exe
"C:\Users\Admin\AppData\Local\Temp\abfb0a0fd494f3cd42ea47dd486aa4d4.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=3136,i,3192284747741020952,1225278682167953346,262144 --variations-seed-version /prefetch:8
1⤵
PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2304-0-0x000000001B140000-0x000000001B1E6000-memory.dmp

Filesize
664KB

Download
memory/2304-1-0x00007FF835F50000-0x00007FF8368F1000-memory.dmp

Filesize
9.6MB

Download
memory/2304-2-0x00007FF835F50000-0x00007FF8368F1000-memory.dmp

Filesize
9.6MB

Download
memory/2304-4-0x000000001B730000-0x000000001BBFE000-memory.dmp

Filesize
4.8MB

Download
memory/2304-3-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/2304-5-0x000000001BCA0000-0x000000001BD3C000-memory.dmp

Filesize
624KB

Download
memory/2304-6-0x0000000000A40000-0x0000000000A48000-memory.dmp

Filesize
32KB

Download
memory/2304-7-0x000000001BE00000-0x000000001BE4C000-memory.dmp

Filesize
304KB

Download
memory/2304-8-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/2304-9-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/2304-10-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/2304-11-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/2304-13-0x000000001DAB0000-0x000000001DBB0000-memory.dmp

Filesize
1024KB

Download
memory/2304-14-0x00007FF835F50000-0x00007FF8368F1000-memory.dmp

Filesize
9.6MB

Download
memory/2304-15-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/2304-16-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/2304-17-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/2304-18-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/2304-19-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/2304-20-0x0000000000A70000-0x0000000000A80000-memory.dmp

Filesize
64KB

Download
memory/2304-21-0x000000001DAB0000-0x000000001DBB0000-memory.dmp

Filesize
1024KB

Download