88418205ad303c208f27e1efeef81032ce7373d0d005cdbe4d890d7351b5674c

Analysis

max time kernel
24s
max time network
19s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-05-2024 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hacked client (rats) LMAO/ectasy.exe
Size

66KB
MD5

de3594a88b85041ec31efcf0735b1906
SHA1

a8751a4a7fdf31dc82162a35e906644652d37c4a
SHA256

7bef6dcd145cb672fded1ae019319cc13441552de9d48e35975d771bbd531124
SHA512

1b41d72aa942aa607ec04eca67f56f76f9a65407c258f66d2dd4fb812bc5d1211c5578c251360088a266ff4b62aa7aae3c394d48fd60a5e57f795e6913ec292b
SSDEEP

1536:SQjspDSF7IyR5ukwL3qJgkkkSkkkkkkekNkkkkkkkkkLc/cicWbjS1jDEOKcl:jjMS/5G+gkkkSkkkkkkekNkkkkkkkkk3

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

1 pastebin.com
2 pastebin.com
Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

ectasy.exe

pid process

3104 ectasy.exe
3104 ectasy.exe
3104 ectasy.exe
3104 ectasy.exe
3104 ectasy.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

ectasy.exe

description pid process

Token: SeDebugPrivilege 3104 ectasy.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

ectasy.exe

pid process

3104 ectasy.exe

flow	ioc
1	pastebin.com
2	pastebin.com

pid	process
3104	ectasy.exe
3104	ectasy.exe
3104	ectasy.exe
3104	ectasy.exe
3104	ectasy.exe

description	pid	process
Token: SeDebugPrivilege	3104	ectasy.exe

pid	process
3104	ectasy.exe

C:\Users\Admin\AppData\Local\Temp\hacked client (rats) LMAO\ectasy.exe
"C:\Users\Admin\AppData\Local\Temp\hacked client (rats) LMAO\ectasy.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3104

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3104-0-0x0000021B4CC00000-0x0000021B4CC14000-memory.dmp

Filesize
80KB

Download
memory/3104-1-0x00007FFEBBF70000-0x00007FFEBC95C000-memory.dmp

Filesize
9.9MB

Download
memory/3104-2-0x0000021B671A0000-0x0000021B671B0000-memory.dmp

Filesize
64KB

Download
memory/3104-3-0x0000021B671A0000-0x0000021B671B0000-memory.dmp

Filesize
64KB

Download
memory/3104-4-0x00007FFEBBF70000-0x00007FFEBC95C000-memory.dmp

Filesize
9.9MB

Download
memory/3104-5-0x0000021B671A0000-0x0000021B671B0000-memory.dmp

Filesize
64KB

Download
memory/3104-6-0x0000021B671A0000-0x0000021B671B0000-memory.dmp

Filesize
64KB

Download