Overview

overview

10

Static

static

10

f69df180e2...1b.exe

windows7-x64

9

f69df180e2...1b.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    140s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/05/2024, 02:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f69df180e226f33833e2e64a9dac54789d6d0e2fec9ca83e56e3b0694fdbf61b.exe

  • Size

    10KB

  • MD5

    93d0df7843fc55634ae8c9cd9f329fed

  • SHA1

    abbb5643fbc3bc2f20dd1d30b5b8c87e64d0f559

  • SHA256

    f69df180e226f33833e2e64a9dac54789d6d0e2fec9ca83e56e3b0694fdbf61b

  • SHA512

    bb19f9c1533381515834b6b37989d9da4ca5f8c8e1bd9bae63743bf0b54a7fb1d0965ab19ef480304f619f0afd4e33b3ab2165d036997d98e678bd5228207473

  • SSDEEP

    96:3JVISW4jNWj7+PaMpm612gMcS6BNiIjHwKayc7jcTA+1bFNjfBYlEFt3z0sqWVaM:hW4W+PZX5M5GNBEKpA+1K+U4VaNEjL

Score
9/10

Malware Config

Signatures

  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f69df180e226f33833e2e64a9dac54789d6d0e2fec9ca83e56e3b0694fdbf61b.exe
    "C:\Users\Admin\AppData\Local\Temp\f69df180e226f33833e2e64a9dac54789d6d0e2fec9ca83e56e3b0694fdbf61b.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2872
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 2076
      2⤵
      • Program crash
      PID:1468
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2872 -ip 2872
    1⤵
      PID:4164

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2872-0-0x000000007514E000-0x000000007514F000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2872-1-0x0000000000D50000-0x0000000000D58000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2872-2-0x0000000075140000-0x00000000758F0000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/2872-3-0x0000000075140000-0x00000000758F0000-memory.dmp

            Filesize

            7.7MB

            Download