801633ba2e18afba233745cfbbf6826e660aab11b69edca4ad388ca8bfd1b11e

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
Size

1.4MB
MD5

2b36f947f49eb3185c574b1186f704c8
SHA1

1c87fcc8aadecf9ca59c716929b25da1e33772ca
SHA256

8f4215d28ac72f97942fcad3c0273c47a68e3a22024f4b8360f6ef1348d2c835
SHA512

438e97fce83e037dfa594a335fd0594f3d2b6ad07e405610ae519e6d405502f78eb51b3ad0f891a8f3e848771d14d2d2ea1544d6d2487d542909f14abd0c7bca
SSDEEP

24576:cAjQiHz39MLcCmArz+Z8HhT9TIc+CG/uDSuObJ7kAWOE:gUrOLcCmAX+Od29oOV7f4

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3460	Warm Snow v1.0-v20221104 Plus 12 Trainer.exe

C:\Users\Admin\AppData\Local\Temp\Warm Snow v1.0-v20221104 Plus 12 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Warm Snow v1.0-v20221104 Plus 12 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3460-2-0x0000027AA3F00000-0x0000027AA3F32000-memory.dmp

Filesize
200KB

Download
memory/3460-5-0x00007FF849560000-0x00007FF84A021000-memory.dmp

Filesize
10.8MB

Download
memory/3460-6-0x0000027AA4010000-0x0000027AA4020000-memory.dmp

Filesize
64KB

Download
memory/3460-7-0x0000027AA4010000-0x0000027AA4020000-memory.dmp

Filesize
64KB

Download
memory/3460-8-0x0000027AA4010000-0x0000027AA4020000-memory.dmp

Filesize
64KB

Download
memory/3460-9-0x0000027ABE180000-0x0000027ABE188000-memory.dmp

Filesize
32KB

Download
memory/3460-11-0x0000027ABE1D0000-0x0000027ABE1DE000-memory.dmp

Filesize
56KB

Download
memory/3460-10-0x0000027AC1A70000-0x0000027AC1AA8000-memory.dmp

Filesize
224KB

Download
memory/3460-26-0x00007FF849560000-0x00007FF84A021000-memory.dmp

Filesize
10.8MB

Download
memory/3460-27-0x0000027AA4010000-0x0000027AA4020000-memory.dmp

Filesize
64KB

Download
memory/3460-28-0x0000027AA4010000-0x0000027AA4020000-memory.dmp

Filesize
64KB

Download
memory/3460-29-0x0000027AA4010000-0x0000027AA4020000-memory.dmp

Filesize
64KB

Download
memory/3460-30-0x0000027AA4010000-0x0000027AA4020000-memory.dmp

Filesize
64KB

Download