Analysis

  • max time kernel
    150s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02-03-2024 20:38

General

  • Target

    MyMalwareDatabase-main/MyMalwareDatabase-main/Saturn.exe

  • Size

    252KB

  • MD5

    71b94d0f4e7c623b1d9f472aeecdbbd4

  • SHA1

    6f2b194dcb43c5c8e6e037ccffa9b50320dcc461

  • SHA256

    5502e266c3407d1ee605b799cac58b60144a2571d45467ac26e177c5befc84ad

  • SHA512

    99be15c5d25c3d759f29296420f398b1d00b1556ab3a13991dfbb28bac2156fff3a880dfb6a6daa4f57176c3b9725bae87849be930496568781c8bba523f2e2d

  • SSDEEP

    3072:MpK/1U/T2/XJK905M0LHyrczGqAe7nnn5N3kPqd3XmZ+xqfpjD0Ss5Wp:MpK/1U/TP0EqZP0ym+xqfpXl

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MyMalwareDatabase-main\MyMalwareDatabase-main\Saturn.exe
    "C:\Users\Admin\AppData\Local\Temp\MyMalwareDatabase-main\MyMalwareDatabase-main\Saturn.exe"
      PID:5064
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x38c 0x384
      • Suspicious use of AdjustPrivilegeToken
      PID:2372

    Network

    MITRE ATT&CK Enterprise v15

    Downloads
