Analysis

  • max time kernel
    131s
  • max time network
    135s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    22-05-2024 21:18

General

  • Target

    PrincessDragonSlayer.exe

  • Size

    68.5MB

  • MD5

    090b49d4d8f94d433e0f5a1e5012a527

  • SHA1

    12b7cc2018b0568e5b3914f8a659bc57869b8671

  • SHA256

    69370a97d1711b408d219bb39b657f97713c6dc7d9a9ef251b8484a37956157c

  • SHA512

    9d813f242d0533ba491a607a81e8f23e0ddf67111713efca353c54e0c199c4703b5162fcf8b379a5d528e6eb580fa58cd0332dbbabcd70327b61258c9b97fa06

  • SSDEEP

    786432:QNMLUq9nVhFf/sSQKbHyXkNq58PAZRG+0Ttynxcw:QNMUq9nVhFfESQKbHyXkUCl++Ixn

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PrincessDragonSlayer.exe
    "C:\Users\Admin\AppData\Local\Temp\PrincessDragonSlayer.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2008
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x370
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3580

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2008-22-0x00007FF798A30000-0x00007FF79CE68000-memory.dmp

    Filesize

    68.2MB

  • memory/2008-23-0x00007FF798A30000-0x00007FF79CE68000-memory.dmp

    Filesize

    68.2MB

  • memory/2008-24-0x00007FF798A30000-0x00007FF79CE68000-memory.dmp

    Filesize

    68.2MB

  • memory/2008-26-0x00007FF798A30000-0x00007FF79CE68000-memory.dmp

    Filesize

    68.2MB