Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
09-03-2024 14:24
Behavioral task
behavioral1
Sample
HyperUD.exe
Resource
win7-20240215-en
windows7-x64
4 signatures
150 seconds
General
-
Target
HyperUD.exe
-
Size
234KB
-
MD5
909391eed1553a3fa6f4dc055adbe3aa
-
SHA1
5af04da4c504b66a25a165c5a8dcd516d566ed24
-
SHA256
6fad9668c32f1b4906274dc81e836e5c22fd572371956c7723722b078247e636
-
SHA512
28b6837ed50d2e2cf68a627a19ad0518df4f79b194ebfa0d6f0e8d52b80694dafcb1b45e31f501837492d68eed9c49c29530d4b4f1c28a1f518d6352a1da3945
-
SSDEEP
6144:jloZM+rIkd8g+EtXHkv/iD4O+K4NbYMTPqL9Y0h/jgb8e1mxi:BoZtL+EP8O+K4NbYMTPqL9Y0h/0T
Malware Config
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule behavioral2/memory/3144-0-0x0000021462850000-0x0000021462890000-memory.dmp family_umbral -
Suspicious use of AdjustPrivilegeToken 43 IoCs
description pid Process Token: SeDebugPrivilege 3144 HyperUD.exe Token: SeIncreaseQuotaPrivilege 4348 wmic.exe Token: SeSecurityPrivilege 4348 wmic.exe Token: SeTakeOwnershipPrivilege 4348 wmic.exe Token: SeLoadDriverPrivilege 4348 wmic.exe Token: SeSystemProfilePrivilege 4348 wmic.exe Token: SeSystemtimePrivilege 4348 wmic.exe Token: SeProfSingleProcessPrivilege 4348 wmic.exe Token: SeIncBasePriorityPrivilege 4348 wmic.exe Token: SeCreatePagefilePrivilege 4348 wmic.exe Token: SeBackupPrivilege 4348 wmic.exe Token: SeRestorePrivilege 4348 wmic.exe Token: SeShutdownPrivilege 4348 wmic.exe Token: SeDebugPrivilege 4348 wmic.exe Token: SeSystemEnvironmentPrivilege 4348 wmic.exe Token: SeRemoteShutdownPrivilege 4348 wmic.exe Token: SeUndockPrivilege 4348 wmic.exe Token: SeManageVolumePrivilege 4348 wmic.exe Token: 33 4348 wmic.exe Token: 34 4348 wmic.exe Token: 35 4348 wmic.exe Token: 36 4348 wmic.exe Token: SeIncreaseQuotaPrivilege 4348 wmic.exe Token: SeSecurityPrivilege 4348 wmic.exe Token: SeTakeOwnershipPrivilege 4348 wmic.exe Token: SeLoadDriverPrivilege 4348 wmic.exe Token: SeSystemProfilePrivilege 4348 wmic.exe Token: SeSystemtimePrivilege 4348 wmic.exe Token: SeProfSingleProcessPrivilege 4348 wmic.exe Token: SeIncBasePriorityPrivilege 4348 wmic.exe Token: SeCreatePagefilePrivilege 4348 wmic.exe Token: SeBackupPrivilege 4348 wmic.exe Token: SeRestorePrivilege 4348 wmic.exe Token: SeShutdownPrivilege 4348 wmic.exe Token: SeDebugPrivilege 4348 wmic.exe Token: SeSystemEnvironmentPrivilege 4348 wmic.exe Token: SeRemoteShutdownPrivilege 4348 wmic.exe Token: SeUndockPrivilege 4348 wmic.exe Token: SeManageVolumePrivilege 4348 wmic.exe Token: 33 4348 wmic.exe Token: 34 4348 wmic.exe Token: 35 4348 wmic.exe Token: 36 4348 wmic.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 3144 wrote to memory of 4348 3144 HyperUD.exe 92 PID 3144 wrote to memory of 4348 3144 HyperUD.exe 92