Analysis
-
max time kernel
144s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
26-04-2024 13:10
Behavioral task
behavioral1
Sample
Umbral3.exe
Resource
win7-20240221-en
windows7-x64
13 signatures
150 seconds
General
-
Target
Umbral3.exe
-
Size
229KB
-
MD5
7a902c87a60986f18a6b097712299256
-
SHA1
2c01906a39faa9d27a41e0d3cd84e92410b9c483
-
SHA256
e4e4f9045dc3683a2a69b9c7625f2ff46ed241ff64b47660a039dbc9d34cb0d5
-
SHA512
c8b75b3f0a77d1f84167af3c431e186802ccd5271fc4a361142e0209541de37f5d584d487bf5ea4b4d921e6e3846267fdea9f65cbd71001331bfea08de5425b6
-
SSDEEP
6144:tloZMCrIkd8g+EtXHkv/iD4DDUgoOJBiLHaIJtM34b8e1mmi:voZRL+EP8DDUgoOJBiLHaIJtMQI
Malware Config
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule behavioral2/memory/4128-0-0x0000029AF3640000-0x0000029AF3680000-memory.dmp family_umbral -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 4128 Umbral3.exe