5695a75d96e56497ab5f7175d5c1da59a4565df668cb89db774eefbb5bfb6cf5

Submit
Reports

Overview

overview

Static

static

d7deda9897...8d.exe

windows7-x64

d7deda9897...8d.exe

windows10-2004-x64

d80d51404c...20.exe

windows7-x64

d80d51404c...20.exe

windows10-2004-x64

d8a40fff2e...76.exe

windows7-x64

d8a40fff2e...76.exe

windows10-2004-x64

d92b5b0796...45.exe

windows7-x64

d92b5b0796...45.exe

windows10-2004-x64

de558a924a...a1.exe

windows7-x64

de558a924a...a1.exe

windows10-2004-x64

e1051e77a0...c0.exe

windows7-x64

e1051e77a0...c0.exe

windows10-2004-x64

e1ae0e66e2...be.exe

windows7-x64

e1ae0e66e2...be.exe

windows10-2004-x64

e4d5b043f5...f1.exe

windows7-x64

e4d5b043f5...f1.exe

windows10-2004-x64

e4d72d8ddc...a8.exe

windows7-x64

e4d72d8ddc...a8.exe

windows10-2004-x64

e5370d47a3...e0.exe

windows7-x64

e5370d47a3...e0.exe

windows10-2004-x64

e57bff75d5...ad.exe

windows7-x64

e57bff75d5...ad.exe

windows10-2004-x64

e65128450f...ea.exe

windows7-x64

e65128450f...ea.exe

windows10-2004-x64

e800a3ce24...c8.exe

windows7-x64

e800a3ce24...c8.exe

windows10-2004-x64

e8412c4989...cb.exe

windows7-x64

e8412c4989...cb.exe

windows10-2004-x64

e91296156c...ff.exe

windows7-x64

e91296156c...ff.exe

windows10-2004-x64

ea6ec9be3a...54.exe

windows7-x64

ea6ec9be3a...54.exe

windows10-2004-x64

Resubmissions

05-09-2023 01:34

230905-by5lrsch46 10

Analysis

max time kernel
134s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 01:20

Sharing

Copy URL

Twitter E-mail

Static task

static1

29 signatures

Behavioral task

behavioral1

Sample

d7deda9897282437fa0da638c09ce0a66a147d6c0ff6e05e5694eff45072a48d.exe

Resource

win7-20240508-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

d7deda9897282437fa0da638c09ce0a66a147d6c0ff6e05e5694eff45072a48d.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

d80d51404cf247d308a927c553201bffc89b06d8ff1c2590e031f46476671c20.exe

Resource

win7-20240508-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

d80d51404cf247d308a927c553201bffc89b06d8ff1c2590e031f46476671c20.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral5

Sample

d8a40fff2ed2312089771a05fd488f25b3a0c4805354a765793e0c70d5412076.exe

Resource

win7-20240221-en

collection spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral6

Sample

d8a40fff2ed2312089771a05fd488f25b3a0c4805354a765793e0c70d5412076.exe

Resource

win10v2004-20240508-en

collection spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral7

Sample

d92b5b079600e4b7db2b17374ce0f2e20e077a28f9275c5054b857de09377745.exe

Resource

win7-20231129-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral8

Sample

d92b5b079600e4b7db2b17374ce0f2e20e077a28f9275c5054b857de09377745.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral9

Sample

de558a924a89a755f2d660f864d164c81e62ddf7da400fe771c0febbe1858aa1.exe

Resource

win7-20240508-en

asyncrat vbs09 rat

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

de558a924a89a755f2d660f864d164c81e62ddf7da400fe771c0febbe1858aa1.exe

Resource

win10v2004-20240508-en

asyncrat vbs09 rat

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

e1051e77a093d4fd5c81b43914bff83dce8662374f1c7e4b3a082ce2094870c0.exe

Resource

win7-20240215-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral12

Sample

e1051e77a093d4fd5c81b43914bff83dce8662374f1c7e4b3a082ce2094870c0.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral13

Sample

e1ae0e66e2ad4ee07faec69a41c3aaf6982e5a5c6fe9af7403310c43519227be.exe

Resource

win7-20240220-en

agenttesla collection execution keylogger persistence spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral14

Sample

e1ae0e66e2ad4ee07faec69a41c3aaf6982e5a5c6fe9af7403310c43519227be.exe

Resource

win10v2004-20240508-en

agenttesla collection execution keylogger persistence spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral15

Sample

e4d5b043f5c9e0894a5f4a21c93cd7347a609a900da8f56f55a0dd84269e81f1.exe

Resource

win7-20240221-en

vmprotect

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

e4d5b043f5c9e0894a5f4a21c93cd7347a609a900da8f56f55a0dd84269e81f1.exe

Resource

win10v2004-20240508-en

vmprotect

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral17

Sample

e4d72d8ddc51c3881aac8e689eeb381b4c97a87cf7dc973c97e5fe35feaa80a8.exe

Resource

win7-20240221-en

redline infostealer

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

e4d72d8ddc51c3881aac8e689eeb381b4c97a87cf7dc973c97e5fe35feaa80a8.exe

Resource

win10v2004-20240508-en

redline infostealer

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral19

Sample

e5370d47a36c3b7af18e4c8e1adb4a08f18bf9ee424f821ccfd585dfb7c111e0.exe

Resource

win7-20240419-en

agenttesla collection execution keylogger persistence spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral20

Sample

e5370d47a36c3b7af18e4c8e1adb4a08f18bf9ee424f821ccfd585dfb7c111e0.exe

Resource

win10v2004-20240508-en

agenttesla collection execution keylogger persistence spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral21

Sample

e57bff75d5dff87a5a965e50d9acdfb8237419c14a102b78493d893e11b1adad.exe

Resource

win7-20240215-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral22

Sample

e57bff75d5dff87a5a965e50d9acdfb8237419c14a102b78493d893e11b1adad.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral23

Sample

e65128450ff1d82705658fe9599d02d0f3b3500542c156eff284e64d80a24dea.exe

Resource

win7-20240220-en

agenttesla collection keylogger spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral24

Sample

e65128450ff1d82705658fe9599d02d0f3b3500542c156eff284e64d80a24dea.exe

Resource

win10v2004-20240426-en

agenttesla collection keylogger spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral25

Sample

e800a3ce2466445ee0414d5eeb436cbc23c580fd8eae4c61e6f092bf3f2992c8.exe

Resource

win7-20240508-en

lokibot collection spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral26

Sample

e800a3ce2466445ee0414d5eeb436cbc23c580fd8eae4c61e6f092bf3f2992c8.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral27

Sample

e8412c49890da839070b49b7eb8f364b408557fd35ab5fc593637e4e8e496dcb.exe

Resource

win7-20240508-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral28

Sample

e8412c49890da839070b49b7eb8f364b408557fd35ab5fc593637e4e8e496dcb.exe

Resource

win10v2004-20240426-en

formbook v93r rat spyware stealer trojan

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral29

Sample

e91296156cd506f7a152db4e4beac1c56ce03676f16db637c97cd135038409ff.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral30

Sample

e91296156cd506f7a152db4e4beac1c56ce03676f16db637c97cd135038409ff.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral31

Sample

ea6ec9be3aea67056e4564a9b3ce8d6e92eda54db32e710043de98d7d65ffd54.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

ea6ec9be3aea67056e4564a9b3ce8d6e92eda54db32e710043de98d7d65ffd54.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

e1051e77a093d4fd5c81b43914bff83dce8662374f1c7e4b3a082ce2094870c0.exe
Size

79KB
MD5

d4cd720a666d79b2ab49106c8a9f36f6
SHA1

9098478ffab34d0d9e334dce3cd1769b86be166b
SHA256

e1051e77a093d4fd5c81b43914bff83dce8662374f1c7e4b3a082ce2094870c0
SHA512

586ef5a136c0d1ab918af6745ad8ab2c922fddff4748a495c5e183c9dae608d0cf3dd7c642b8212e63cdc003f93f64f9b3b19c5250468e699e5c07d1c6f84f61
SSDEEP

768:vljP1pmjALZy6prdO7K+tJpN201s9jmHt8N5zg7de8Aaiqk329ZvUDJK9BHXYpoz:vsuHQelfUAauuVU0TKoLOIrdppmdQ

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

e1051e77a093d4fd5c81b43914bff83dce8662374f1c7e4b3a082ce2094870c0.exe

description pid process

Token: SeDebugPrivilege 4368 e1051e77a093d4fd5c81b43914bff83dce8662374f1c7e4b3a082ce2094870c0.exe

description	pid	process
Token: SeDebugPrivilege	4368	e1051e77a093d4fd5c81b43914bff83dce8662374f1c7e4b3a082ce2094870c0.exe

Processes

C:\Users\Admin\AppData\Local\Temp\e1051e77a093d4fd5c81b43914bff83dce8662374f1c7e4b3a082ce2094870c0.exe
"C:\Users\Admin\AppData\Local\Temp\e1051e77a093d4fd5c81b43914bff83dce8662374f1c7e4b3a082ce2094870c0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4368-0-0x000000007461E000-0x000000007461F000-memory.dmp

Filesize
4KB

Download
memory/4368-1-0x0000000000A80000-0x0000000000A9A000-memory.dmp

Filesize
104KB

Download
memory/4368-2-0x0000000074610000-0x0000000074DC0000-memory.dmp

Filesize
7.7MB

Download
memory/4368-3-0x000000007461E000-0x000000007461F000-memory.dmp

Filesize
4KB

Download
memory/4368-4-0x0000000074610000-0x0000000074DC0000-memory.dmp

Filesize
7.7MB

Download