Analysis
-
max time kernel
218s -
max time network
288s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system -
submitted
19-04-2024 20:37
Behavioral task
behavioral1
Sample
C11Bootstrapper/Properties/C11Setup.exe
Resource
win11-20240412-en
Behavioral task
behavioral2
Sample
C11Bootstrapper/Properties/GuiLoader.exe
Resource
win11-20240412-en
Behavioral task
behavioral3
Sample
C11Bootstrapper/Properties/IndependenciesInstallation.bat
Resource
win11-20240412-en
Behavioral task
behavioral4
Sample
C11Bootstrapper/Properties/PageEditor.exe
Resource
win11-20240412-en
Behavioral task
behavioral5
Sample
C11Bootstrapper/Properties/msgbox.vbs
Resource
win11-20240412-en
General
-
Target
C11Bootstrapper/Properties/PageEditor.exe
-
Size
74KB
-
MD5
a419717ff743b0f11fdde27177617cb5
-
SHA1
38e6575ad65c4cdf3301c22ff6d827e11436006f
-
SHA256
41adf4e4e460a3119ad27d5874f7ea6e09781eb91e33d90e4a5faeeaadee8300
-
SHA512
0f9a00f3d5027e6aa5636d2564db89787cc83224aa83c771822655a057fffe2f2e642c98ca9ff603ed3be4ea655d5c02c8a28161895036e80284d009ddf9b1d6
-
SSDEEP
1536:gUYkcx9pXCTyPMVXjCBevPIaH1b8/uDaQzcp1VclN:gU1cx958yPMVzCCrH1b8BQ8XY
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
127.0.0.1:4040
vydiplhdlyjvmj
-
delay
1
-
install
true
-
install_file
PageEditor.exe
-
install_folder
%Temp%
Signatures
-
Suspicious use of AdjustPrivilegeToken 43 IoCs
description pid Process Token: SeDebugPrivilege 1292 PageEditor.exe Token: SeIncreaseQuotaPrivilege 1292 PageEditor.exe Token: SeSecurityPrivilege 1292 PageEditor.exe Token: SeTakeOwnershipPrivilege 1292 PageEditor.exe Token: SeLoadDriverPrivilege 1292 PageEditor.exe Token: SeSystemProfilePrivilege 1292 PageEditor.exe Token: SeSystemtimePrivilege 1292 PageEditor.exe Token: SeProfSingleProcessPrivilege 1292 PageEditor.exe Token: SeIncBasePriorityPrivilege 1292 PageEditor.exe Token: SeCreatePagefilePrivilege 1292 PageEditor.exe Token: SeBackupPrivilege 1292 PageEditor.exe Token: SeRestorePrivilege 1292 PageEditor.exe Token: SeShutdownPrivilege 1292 PageEditor.exe Token: SeDebugPrivilege 1292 PageEditor.exe Token: SeSystemEnvironmentPrivilege 1292 PageEditor.exe Token: SeRemoteShutdownPrivilege 1292 PageEditor.exe Token: SeUndockPrivilege 1292 PageEditor.exe Token: SeManageVolumePrivilege 1292 PageEditor.exe Token: 33 1292 PageEditor.exe Token: 34 1292 PageEditor.exe Token: 35 1292 PageEditor.exe Token: 36 1292 PageEditor.exe Token: SeIncreaseQuotaPrivilege 1292 PageEditor.exe Token: SeSecurityPrivilege 1292 PageEditor.exe Token: SeTakeOwnershipPrivilege 1292 PageEditor.exe Token: SeLoadDriverPrivilege 1292 PageEditor.exe Token: SeSystemProfilePrivilege 1292 PageEditor.exe Token: SeSystemtimePrivilege 1292 PageEditor.exe Token: SeProfSingleProcessPrivilege 1292 PageEditor.exe Token: SeIncBasePriorityPrivilege 1292 PageEditor.exe Token: SeCreatePagefilePrivilege 1292 PageEditor.exe Token: SeBackupPrivilege 1292 PageEditor.exe Token: SeRestorePrivilege 1292 PageEditor.exe Token: SeShutdownPrivilege 1292 PageEditor.exe Token: SeDebugPrivilege 1292 PageEditor.exe Token: SeSystemEnvironmentPrivilege 1292 PageEditor.exe Token: SeRemoteShutdownPrivilege 1292 PageEditor.exe Token: SeUndockPrivilege 1292 PageEditor.exe Token: SeManageVolumePrivilege 1292 PageEditor.exe Token: 33 1292 PageEditor.exe Token: 34 1292 PageEditor.exe Token: 35 1292 PageEditor.exe Token: 36 1292 PageEditor.exe