Overview

overview

10

Static

static

3

pantheon s...ed.exe

windows7-x64

10

pantheon s...ed.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    18s
  • max time network
    23s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-03-2024 01:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pantheon sucurity-cleaned-cleaned.exe

  • Size

    493KB

  • MD5

    1c55aba76c3683fbbf929c8567b6e04d

  • SHA1

    0c93b0e1270bd409388c411b12f4ccd740c38075

  • SHA256

    ab5459d5eb0d95fcc9ddfe4a577a609be53b06b509e5a65927862f67f7da8f93

  • SHA512

    75cce368e043f1b87363f9f24f558d1d212c0cbfcb108d3a937763d5711ced589f472fea019a5ac00637886166715f2a4356e8b3938114eb5fefe117fcf3f3b1

  • SSDEEP

    12288:3Bk5ut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+Qb:Oa6N6LqQzJqko

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pantheon sucurity-cleaned-cleaned.exe
    "C:\Users\Admin\AppData\Local\Temp\pantheon sucurity-cleaned-cleaned.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5096
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\q2wyglvz\q2wyglvz.cmdline"
      2⤵
        PID:1884

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \??\c:\Users\Admin\AppData\Local\Temp\q2wyglvz\q2wyglvz.0.cs
      Filesize

      1KB

      MD5

      14846c9faaef9299a1bf17730f20e4e6

      SHA1

      8083da995cfaa0e8e469780e32fcff1747850eb6

      SHA256

      61bc7b23a430d724b310e374a67a60dd1e1f883c6dd3a98417c8579ba4973c1b

      SHA512

      549d99dbb7376d9d6106ad0219d6cf22eb70c80d54c9ad8c7d0b04a33d956515e55c9608ab6eec0733f2c23602867eb85b43e58200ded129958c7de7ed22efb1

      Download Submit
    • \??\c:\Users\Admin\AppData\Local\Temp\q2wyglvz\q2wyglvz.cmdline
      Filesize

      455B

      MD5

      f0b682b5b9f3d8de9abce0db76c22cbb

      SHA1

      12976778907e077edb17192633ef840d71c72fa8

      SHA256

      8191ab0db75cb33c320dad03ca89832868fd9c31a41cda9070c97b43421c54b2

      SHA512

      3b257665655100d70be2f0bf01a3c32ad5c0447e38d08081eb30aa460ee0680980251987200dc8e0173453731a1d6bc0d9dc02c74a04873271aa14f7a0230f17

      Download Submit
    • memory/5096-0-0x0000000074CB0000-0x0000000075460000-memory.dmp
      Filesize

      7.7MB

      Download
    • memory/5096-1-0x00000000002F0000-0x0000000000372000-memory.dmp
      Filesize

      520KB

      Download
    • memory/5096-2-0x0000000004D10000-0x0000000004DAC000-memory.dmp
      Filesize

      624KB

      Download
    • memory/5096-3-0x0000000004DB0000-0x0000000004E42000-memory.dmp
      Filesize

      584KB

      Download
    • memory/5096-4-0x0000000004F00000-0x0000000004F10000-memory.dmp
      Filesize

      64KB

      Download
    • memory/5096-5-0x00000000068D0000-0x0000000006E74000-memory.dmp
      Filesize

      5.6MB

      Download