89d511c97a4e0f4bf48a72fe764adb6d3de9007859c7632dc07477f2062c2b20

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-04-2024 14:47

Target

89d511c97a4e0f4bf48a72fe764adb6d3de9007859c7632dc07477f2062c2b20.exe
Size

451KB
MD5

0d34f2b095cbff0be00eb45758929907
SHA1

3fa3b5e296d49c4d8e6dfc5d4b775a48609aca78
SHA256

89d511c97a4e0f4bf48a72fe764adb6d3de9007859c7632dc07477f2062c2b20
SHA512

6965e9d2c2b9a11bb428ba8ac47202b7d0d4aaf826f905fb0afee903b2ae4b85cec446b536721b84237aeeb08f03ff413a67c75c36ba78d85a6727831e7b6340
SSDEEP

6144:xpHC550+1KYQ2JRpK3SRgadBU9RwfqUKDPi5xo/nY:xpis+S2JRpK3SRgKQ/n

Score

9^/10

Detects executables Discord URL observed in first stage droppers 1 IoCs

resource	yara_rule
behavioral1/memory/2584-0-0x00000000012A0000-0x0000000001316000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2584	89d511c97a4e0f4bf48a72fe764adb6d3de9007859c7632dc07477f2062c2b20.exe

C:\Users\Admin\AppData\Local\Temp\89d511c97a4e0f4bf48a72fe764adb6d3de9007859c7632dc07477f2062c2b20.exe
"C:\Users\Admin\AppData\Local\Temp\89d511c97a4e0f4bf48a72fe764adb6d3de9007859c7632dc07477f2062c2b20.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2584

memory/2584-0-0x00000000012A0000-0x0000000001316000-memory.dmp

Filesize
472KB

Download
memory/2584-1-0x0000000073FB0000-0x000000007469E000-memory.dmp

Filesize
6.9MB

Download
memory/2584-2-0x0000000000DE0000-0x0000000000E20000-memory.dmp

Filesize
256KB

Download
memory/2584-3-0x0000000073FB0000-0x000000007469E000-memory.dmp

Filesize
6.9MB

Download
memory/2584-4-0x0000000000DE0000-0x0000000000E20000-memory.dmp

Filesize
256KB

Download