umbral | bd0627eedef546c23e0dc70b63dbd6c144ac185a5e3710edce664f34cb87f249

Analysis

max time kernel
2s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2024 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5af9c752ae4211a59d6ddc27be136764.exe
Size

229KB
MD5

5af9c752ae4211a59d6ddc27be136764
SHA1

7404f795d31d758f28db333ffd124985e0cc9378
SHA256

bd0627eedef546c23e0dc70b63dbd6c144ac185a5e3710edce664f34cb87f249
SHA512

088cf9cb0afac0c074d1612413844f10974c6a7deba82054ee8455659b4cace67e1320d32f5a3a3c38e80268c5d07ffe4d52b5e6a9b0abd27dbd0450767c0eee
SSDEEP

3072:+61se+aFA9qpbi3cVM7hTSdm68UYLXDkpao8bE24SDT9OmxR8e1isvs+E6EiWt:p1se+uecVM7hTSdm683DPo8xr8e1Lx

Score

10^/10

umbral stealer

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral2/memory/3160-0-0x000001D7CA0B0000-0x000001D7CA0F0000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeDebugPrivilege	3160	5af9c752ae4211a59d6ddc27be136764.exe
Token: SeIncreaseQuotaPrivilege	2456	wmic.exe
Token: SeSecurityPrivilege	2456	wmic.exe
Token: SeTakeOwnershipPrivilege	2456	wmic.exe
Token: SeLoadDriverPrivilege	2456	wmic.exe
Token: SeSystemProfilePrivilege	2456	wmic.exe
Token: SeSystemtimePrivilege	2456	wmic.exe
Token: SeProfSingleProcessPrivilege	2456	wmic.exe
Token: SeIncBasePriorityPrivilege	2456	wmic.exe
Token: SeCreatePagefilePrivilege	2456	wmic.exe
Token: SeBackupPrivilege	2456	wmic.exe
Token: SeRestorePrivilege	2456	wmic.exe
Token: SeShutdownPrivilege	2456	wmic.exe
Token: SeDebugPrivilege	2456	wmic.exe
Token: SeSystemEnvironmentPrivilege	2456	wmic.exe
Token: SeRemoteShutdownPrivilege	2456	wmic.exe
Token: SeUndockPrivilege	2456	wmic.exe
Token: SeManageVolumePrivilege	2456	wmic.exe
Token: 33	2456	wmic.exe
Token: 34	2456	wmic.exe
Token: 35	2456	wmic.exe
Token: 36	2456	wmic.exe
Token: SeIncreaseQuotaPrivilege	2456	wmic.exe
Token: SeSecurityPrivilege	2456	wmic.exe
Token: SeTakeOwnershipPrivilege	2456	wmic.exe
Token: SeLoadDriverPrivilege	2456	wmic.exe
Token: SeSystemProfilePrivilege	2456	wmic.exe
Token: SeSystemtimePrivilege	2456	wmic.exe
Token: SeProfSingleProcessPrivilege	2456	wmic.exe
Token: SeIncBasePriorityPrivilege	2456	wmic.exe
Token: SeCreatePagefilePrivilege	2456	wmic.exe
Token: SeBackupPrivilege	2456	wmic.exe
Token: SeRestorePrivilege	2456	wmic.exe
Token: SeShutdownPrivilege	2456	wmic.exe
Token: SeDebugPrivilege	2456	wmic.exe
Token: SeSystemEnvironmentPrivilege	2456	wmic.exe
Token: SeRemoteShutdownPrivilege	2456	wmic.exe
Token: SeUndockPrivilege	2456	wmic.exe
Token: SeManageVolumePrivilege	2456	wmic.exe
Token: 33	2456	wmic.exe
Token: 34	2456	wmic.exe
Token: 35	2456	wmic.exe
Token: 36	2456	wmic.exe
Token: SeShutdownPrivilege	3160	5af9c752ae4211a59d6ddc27be136764.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 2456	3160	5af9c752ae4211a59d6ddc27be136764.exe	85
PID 3160 wrote to memory of 2456	3160	5af9c752ae4211a59d6ddc27be136764.exe	85

C:\Users\Admin\AppData\Local\Temp\5af9c752ae4211a59d6ddc27be136764.exe
"C:\Users\Admin\AppData\Local\Temp\5af9c752ae4211a59d6ddc27be136764.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3160-0-0x000001D7CA0B0000-0x000001D7CA0F0000-memory.dmp

Filesize
256KB

Download
memory/3160-1-0x00007FF851B30000-0x00007FF8525F1000-memory.dmp

Filesize
10.8MB

Download
memory/3160-2-0x000001D7CBD00000-0x000001D7CBD10000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads