f51422da0c91f9c2dcd1e87e61f0a59f64cd71915a006fd83f67be96e8cd31a5 | Triage

Analysis

max time kernel
556s
max time network
602s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 21:53

Sharing

Report Analysis Logs

General

Target

ImmortaL/Launcher.exe
Size

19.9MB
MD5

9319baa845014b9b1b19c74d71b3102f
SHA1

abd3a8d4b66c8ae234c3c364418c7f36496971c3
SHA256

b5b06a1fc40c1f61198aec7becfcd62a0d3da7a19e48166b8f8e98840a2ca7fe
SHA512

2619a014ae87c5942f5c672981cc7121650057c2f6e0be74426942eebf6f54d457b6f5860e9fedb83ab3257e466a4b0ad7ed4671867f8b5f46a8de91793eb45f
SSDEEP

393216:QsJU/P2y1sMts1jn0xnJ6A0C2jQ1riHfqXAU6S:QsJU/uB1jn0xnJ50C2M1eUT

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 27 IoCs

Processes:

Launcher.exe

pid	process
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe
3528	Launcher.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Launcher.exe

description pid process

Token: SeDebugPrivilege 3528 Launcher.exe

C:\Users\Admin\AppData\Local\Temp\ImmortaL\Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\ImmortaL\Launcher.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...