Overview

overview

1

Static

static

1

spacedeskConsole.exe

windows7-x64

1

spacedeskConsole.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    8s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/05/2024, 01:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    spacedeskConsole.exe

  • Size

    458KB

  • MD5

    7b63ec901fb648bc6e064bf342c2479f

  • SHA1

    3e58b52c60ff8ab18ff3d30accff593b86d84bfb

  • SHA256

    7e35bf71cbe34abcca462a51dbacc7ac078055fe559f2a2cac0bb03a2305dd3f

  • SHA512

    fc708108be4d27b7efb1e9908a9d4a4422260d5cf137950669a30de46fcdf7902e8722685d286cc6e95b77a54e10687a5ad8fc883f6d644d126499f205b55b60

  • SSDEEP

    6144:MPYgn0nEbWRoTHFQGnlHWfDnITQq2bOCdQX83K:McnF03t4ITQ3K

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\spacedeskConsole.exe
    "C:\Users\Admin\AppData\Local\Temp\spacedeskConsole.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2188
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" /c Get-NetConnectionProfile > "C:\Users\Public\netconnectionprofile.txt"
      2⤵
        PID:2212
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "powershell.exe" /c Get-AppXPackage -Name AppleInc.iTunes > "C:\Users\Public\spAppxpackageinstalled.txt"
        2⤵
          PID:2544
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "powershell.exe" /c Get-AppXPackage -Name AppleInc.AppleDevices > "C:\Users\Public\spAppxpackageinstalled.txt"
          2⤵
            PID:3008

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
          Filesize

          7KB

          MD5

          6f0344e9ce7f32cf3035122f5c8ad6e5

          SHA1

          83db84450e582ed16951d8f9b0adebd9178051ce

          SHA256

          17b2706db961c5fd96f7ad77a1cf01c18e79c3d9ec48901e77858fcc4a89a669

          SHA512

          9ead8cc3c93177544cc36114c3509a6e6c9eb1610112014ced07cbe72f25da066f7db219391a701c8bdeb5b2a3cbcfd040c9dfc378c05e800ec86d2cf3e87145

          Download Submit

        • memory/2188-0-0x000007FEF5713000-0x000007FEF5714000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2188-1-0x0000000000300000-0x0000000000376000-memory.dmp

          Filesize

          472KB

          Download

        • memory/2188-2-0x000007FEF5710000-0x000007FEF60FC000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/2188-3-0x000007FEF5710000-0x000007FEF60FC000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/2188-5-0x0000000000160000-0x000000000016A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2188-4-0x0000000000160000-0x000000000016A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2212-15-0x000000001B6B0000-0x000000001B992000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/2212-16-0x0000000002690000-0x0000000002698000-memory.dmp

          Filesize

          32KB

          Download

        • memory/3008-22-0x000000001B690000-0x000000001B972000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-23-0x0000000001FF0000-0x0000000001FF8000-memory.dmp

          Filesize

          32KB

          Download