3d9824233d39a07c87a20df689f5eefa35dbd88685d01d06a7f98d5df9784dcb

Analysis

max time kernel
3s
max time network
4s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Release/Pegasus Crypter.exe
Size

1.6MB
MD5

e7e7a188a7c59031c544442781c610e3
SHA1

292b264ac240d939b3024ba3821fe0d2de325630
SHA256

969788dc81521915b71eb5fcb71969f7f75817dca8d90e235b9b6ada1e3b8e2b
SHA512

b0da54e02d6bffd308b44d9abb3862d652213957c84fed82912b9645518b78b2f18b3d9ada0a650529f8ba8d1d67c9ce45d3d516f36c692c49c916ee7819a084
SSDEEP

24576:1O00V4h8gtKm7PMWXWArwboKdpyuw5D9wJWopfw+Jwz/S/6R:zIm7P/GoMgt52Wuw+W7SCR

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2108	Pegasus Crypter.exe

C:\Users\Admin\AppData\Local\Temp\Release\Pegasus Crypter.exe
"C:\Users\Admin\AppData\Local\Temp\Release\Pegasus Crypter.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2108-0-0x00000000012B0000-0x0000000001450000-memory.dmp

Filesize
1.6MB

Download
memory/2108-1-0x000007FEF5BD0000-0x000007FEF65BC000-memory.dmp

Filesize
9.9MB

Download
memory/2108-2-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2108-3-0x0000000000D50000-0x0000000000DD0000-memory.dmp

Filesize
512KB

Download
memory/2108-4-0x00000000011E0000-0x0000000001290000-memory.dmp

Filesize
704KB

Download