Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-04-2024 13:10

General

  • Target

    Umbral3.exe

  • Size

    229KB

  • MD5

    7a902c87a60986f18a6b097712299256

  • SHA1

    2c01906a39faa9d27a41e0d3cd84e92410b9c483

  • SHA256

    e4e4f9045dc3683a2a69b9c7625f2ff46ed241ff64b47660a039dbc9d34cb0d5

  • SHA512

    c8b75b3f0a77d1f84167af3c431e186802ccd5271fc4a361142e0209541de37f5d584d487bf5ea4b4d921e6e3846267fdea9f65cbd71001331bfea08de5425b6

  • SSDEEP

    6144:tloZMCrIkd8g+EtXHkv/iD4DDUgoOJBiLHaIJtM34b8e1mmi:voZRL+EP8DDUgoOJBiLHaIJtMQI

Score
10/10

Malware Config

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral

    Umbral stealer is an open-source modular stealer written in C#.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Umbral3.exe
    "C:\Users\Admin\AppData\Local\Temp\Umbral3.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:4128

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4128-0-0x0000029AF3640000-0x0000029AF3680000-memory.dmp

    Filesize

    256KB

  • memory/4128-1-0x00007FF850090000-0x00007FF850B51000-memory.dmp

    Filesize

    10.8MB

  • memory/4128-2-0x0000029AF5450000-0x0000029AF5460000-memory.dmp

    Filesize

    64KB

  • memory/4128-3-0x00007FF850090000-0x00007FF850B51000-memory.dmp

    Filesize

    10.8MB