f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4

Analysis

max time kernel
141s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 08:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe
Size

1.8MB
MD5

1fede9d10707ca833011f7b0d91ed354
SHA1

a2f7dae42a9820eb04586cfc00fa3b04da8510b3
SHA256

f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4
SHA512

d67a09a2a4dfc9908bec41ffee6b4b5d093ad83bd6717c2ec4aece58774be4d7d490f6aa257e0a97c7de851498a0f7372bb5ce8f4a8b148fe413405827ae206b
SSDEEP

49152:SFgOZmptfWVIzt14YQFgOZmptfWVIztDoop:SFBZm7Hz4YQFBZm7Hzio

Score

9^/10

Malware Config

Signatures

Detects executables packed with Enigma 1 IoCs

resource	yara_rule
behavioral2/memory/2332-0-0x0000000000400000-0x00000000004DA000-memory.dmp	INDICATOR_EXE_Packed_Enigma

Loads dropped DLL 4 IoCs

pid	Process
2332	f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe
2332	f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe
2332	f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe
2332	f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2332	f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2332	f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe
2332	f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe

C:\Users\Admin\AppData\Local\Temp\f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe
"C:\Users\Admin\AppData\Local\Temp\f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\data\images\ui\panel_side.png

Filesize
14KB

MD5
9f5b9405fc6391b4d4e192290ddaf2cb

SHA1
cffd12f9b6f7dadc04aa829594015312f57163fe

SHA256
f747c1c0ee07e1820c7c8a2872cea8d88b06100704fd135cd8c9aedb5283e390

SHA512
054dc8931f07ed9a0e4f4ad76969a7980dd2d523ec7e8602dbd510b3e8e27469f6110a4ebd64b61b9ac40c8843c45505d2193067bc598713c421ce7477bd9a51

Download Submit
C:\Users\Admin\AppData\Local\Temp\data\images\ui\rarity_green.png

Filesize
15KB

MD5
2709d79b46d10dd4bafd97a2a69df541

SHA1
8705906953861642dad2ccfddea2bf64a5bbedbf

SHA256
c3a41ced48d63b6410cee30d8c4da5a0f864a63689746f271f25205d7b0210cd

SHA512
b4703a7ac3019c8aa2b87f3f67887cc3d66f468ab416159de852c151e8a53c731479af6b0e2788e4e4cf1e6a40119844ac49810b7a4a739989cabefbcc971080

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb4D22.tmp

Filesize
1KB

MD5
6f4f5bc0564e2d7d8ddab721ba02bb2a

SHA1
e6508404efdd61ab3d82b467100350af43104890

SHA256
8cab792e9dafe8a6a1368152b6b0092ee8a852006682594b1edf09ee532b8e9b

SHA512
a6613c04aa5e0f7926fd3453257234e61a2cbe7ff8f27b112579af0baf227ea9adeb63c4e8365e11c88b512bfdd9387fb24734d89a6ab4c5ba40b7b3ee521a0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\modules\game_bot\default_configs\vBot_4.8\cavebot\cavebot.otui

Filesize
974B

MD5
02aa27cf0478d2c539c71ad039f667d1

SHA1
c0175eee276dd6877f3ebd07cae8c586c8a0952b

SHA256
cf171641162fc105d78de1f705333c20a78728967184473159158404b6c8de08

SHA512
779aa94e3c6a670f0864f474334122a7b7960458fbffe7c4f0dbf77ca33336229b31bad885981bef0d31c51c3182446c540a7fdb4bdf4eb413b464a7facfa8cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\modules\game_bot\default_configs\vBot_4.8\cavebot\config.otui

Filesize
994B

MD5
b5d05b5225fe4fdce4a53f0b92c79ebc

SHA1
86d45d3b70bcc1107dea84a7bac92cce8637cbc7

SHA256
e7887006efe3f75b36b7f5bc880162a46b401c858d1a3f29fe566e38080365a4

SHA512
c88dda9f5e84752777192fc22860a2adab5ab320308fb28cede9e83473023eb09d33c757ac102965ded438245da9529b73fd4ca9d0225899116680e251c1c4c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\modules\game_bot\default_configs\vBot_4.8\cavebot\editor.otui

Filesize
783B

MD5
14922b4a9288146384f24747709ab96c

SHA1
bd2b354b84a501d98e555001324a851bbd57c2df

SHA256
5820d5e675bf2b4fcb0bfd8ccc9f2ef52f83205afea3bc218d6135d0e0c1ceec

SHA512
e7a968311c740aa74441b1605476f54a96d8423a968876648fed36d31bca5b9e6f280ebadb2c1169c3494f1dd9aa23d21e9d403deb881a70dfac88eaea0873f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\modules\game_bot\default_configs\vBot_4.8\cavebot\extension_template.lua

Filesize
1KB

MD5
cb1a9f877f3ed41369ecada0242596e5

SHA1
ee98fafdf7923a66245eaee8917f0fe63e0c9f5e

SHA256
76c2eb50b385acd625bba4660fe1af38390c539a69d94d7206a49c2cc8635063

SHA512
40128a60e49937634b5723a11802dea0b2f769ab136efa3d4a92cb0b82d66eada55a55a33a838dffc559ad4dcde4d7e771414b6c69907c052f34c56188c66d26

Download Submit
C:\Users\Admin\AppData\Local\Temp\modules\game_bot\default_configs\vBot_4.8\cavebot\walking.lua

Filesize
2KB

MD5
9ac09a287a2d2ecfb344f5d95a898c6a

SHA1
f3a0ffe77024c06e9fb4485991e07e9579a23e95

SHA256
1763591e08544ee5394a3d91a8f3396cea5b51c909a363f1c35eb0d63fbb95da

SHA512
363d1e68fba35726278845d415ea9692cf8c9dc0d1d461c7961e2da2068ebc7482f59ae3fcaf6123a669db430c118191ce918a80c88850216920e377384f51a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\modules\game_bot\default_configs\vBot_4.8\targetbot\target.otui

Filesize
2KB

MD5
54817022c101a7281aa5340662377844

SHA1
6c158466dbc324347b39072cf2f2e2dd83b0dd7e

SHA256
9200e33e91bbd2ff20ba657745cd1ffff448763a9f5d88c37a3da4400e9adf2b

SHA512
bcf5a2e17d71cf56644a36fac740e80d92479deb0a15f6528818fd494defbead168faa6263e07831dfd00971a841439d9bfa32b05720d184c296351c5fe24c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\modules\game_bot\default_configs\vBot_4.8\targetbot\walking.lua

Filesize
754B

MD5
9a71ddd22f4175a4232a913b66b3bdb1

SHA1
b1430bf36c8cb9a78a241505a7a2c4c1849327cc

SHA256
8a59a0ce748162e562caad93f6aac29e3b25087bef3aed0af7241137e2d65a6d

SHA512
1802a30cce701e2c9fa492ada0ed8c79ffbf48ca10945fe0dc60558093534a2b3958acfea337155e17eb205d7a355bc516350b20afc5d0c358c675134c79a691

Download Submit
memory/2332-7-0x0000000073EB0000-0x0000000074660000-memory.dmp

Filesize
7.7MB

Download
memory/2332-117-0x0000000007EE0000-0x0000000007F3C000-memory.dmp

Filesize
368KB

Download
memory/2332-14-0x0000000073EB0000-0x0000000074660000-memory.dmp

Filesize
7.7MB

Download
memory/2332-11-0x0000000000400000-0x00000000004DA000-memory.dmp

Filesize
872KB

Download
memory/2332-23-0x0000000008E90000-0x0000000008EEC000-memory.dmp

Filesize
368KB

Download
memory/2332-24-0x0000000073EBE000-0x0000000073EBF000-memory.dmp

Filesize
4KB

Download
memory/2332-42-0x0000000073EB0000-0x0000000074660000-memory.dmp

Filesize
7.7MB

Download
memory/2332-113-0x0000000073EB0000-0x0000000074660000-memory.dmp

Filesize
7.7MB

Download
memory/2332-114-0x0000000073EB0000-0x0000000074660000-memory.dmp

Filesize
7.7MB

Download
memory/2332-12-0x0000000073EB0000-0x0000000074660000-memory.dmp

Filesize
7.7MB

Download
memory/2332-10-0x0000000073EB0000-0x0000000074660000-memory.dmp

Filesize
7.7MB

Download
memory/2332-8-0x0000000005490000-0x000000000549A000-memory.dmp

Filesize
40KB

Download
memory/2332-0-0x0000000000400000-0x00000000004DA000-memory.dmp

Filesize
872KB

Download
memory/2332-6-0x0000000005380000-0x0000000005412000-memory.dmp

Filesize
584KB

Download
memory/2332-5-0x00000000054E0000-0x0000000005A84000-memory.dmp

Filesize
5.6MB

Download
memory/2332-4-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2332-3-0x0000000073EBE000-0x0000000073EBF000-memory.dmp

Filesize
4KB

Download
memory/2332-1-0x0000000077032000-0x0000000077033000-memory.dmp

Filesize
4KB

Download
memory/2332-2-0x0000000077033000-0x0000000077034000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads