Overview

overview

7

Static

static

3

Xfer_KeyGen.exe

windows7-x64

7

Xfer_KeyGen.exe

windows10-2004-x64

7

$TEMP/BASSMOD.dll

windows7-x64

1

$TEMP/BASSMOD.dll

windows10-2004-x64

1

$TEMP/R2RXFEKG.dll

windows7-x64

1

$TEMP/R2RXFEKG.dll

windows10-2004-x64

3

$TEMP/keygen.exe

windows7-x64

1

$TEMP/keygen.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-05-2024 16:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/keygen.exe

  • Size

    249KB

  • MD5

    39940bef79a1d23adf86979d4d4cceed

  • SHA1

    593f9ea0cd0c1c4ec35c92a4473ed05437fb22ce

  • SHA256

    941267a1bd1328f21bbaf3a1ba5abe12196c3d57e4c49134c6764e7b143767d8

  • SHA512

    12b8f61bb8c1c661d7d4c7aff5e2e3f2915cd1b3c923bf9b17dd3bcc8b3ffb4145aa86b284bedd2695c6e62117cc1257a896dfe3227961deac35e8e9836d12c3

  • SSDEEP

    6144:pcmzikEPDonRgNgz1+hw6hNgPfHv9PAimIAOsE7c7:pc/kEPDonR6Y436vRH7c7

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\keygen.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\keygen.exe"
    1⤵
      PID:3972
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x2f4 0x468
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3420

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3972-0-0x0000000000400000-0x0000000000441000-memory.dmp
      Filesize

      260KB

      Download
    • memory/3972-1-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-2-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-3-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-4-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-5-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-6-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-7-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-8-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-9-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-10-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-11-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-12-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-13-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-14-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-15-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/3972-16-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download