1674da89cc476d17798e676197b96f5c31694d18dc160846cad5b0a3566a3056

Analysis

max time kernel
148s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dont touch.exe
Size

34KB
MD5

ed1404d09ac519057c48aa64b14f4e68
SHA1

af2edc842ed5818a0bd24b622c3ce24183a02bb5
SHA256

1674da89cc476d17798e676197b96f5c31694d18dc160846cad5b0a3566a3056
SHA512

03f910fe8042ca5dce9ea00ba6dbcd0223f424fc9eec0388e79eb829d420af510b0f1fe6b3a7ad804a0e1fe9b4d0f537e0281138adc95b227766689d7eb93abf
SSDEEP

768:LFMEZ/dg3Y35pQAgNsRCvHWMR8RbeNz1QB6SWL7QwlL:j35pQAj2HWxq1QolL7BlL

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	discord.com
2	discord.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1756	dont touch.exe

C:\Users\Admin\AppData\Local\Temp\dont touch.exe
"C:\Users\Admin\AppData\Local\Temp\dont touch.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4252,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4432 /prefetch:8
1⤵
PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1756-0-0x0000000000220000-0x000000000022E000-memory.dmp

Filesize
56KB

Download
memory/1756-1-0x00007FFDA2EB3000-0x00007FFDA2EB5000-memory.dmp

Filesize
8KB

Download
memory/1756-2-0x00007FFDA2EB0000-0x00007FFDA3971000-memory.dmp

Filesize
10.8MB

Download
memory/1756-3-0x00007FFDA2EB0000-0x00007FFDA3971000-memory.dmp

Filesize
10.8MB

Download