ce23c8284673debf5214dde212dbd537654ef95ee0cb6e28a6e9864dd6602e14

Analysis

max time kernel
150s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-06-2024 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XAU.exe
Size

9.5MB
MD5

99d58853a73b223f27f2976376a1469a
SHA1

f98d467976de9209db30be2c4fb3fde96544e026
SHA256

ce23c8284673debf5214dde212dbd537654ef95ee0cb6e28a6e9864dd6602e14
SHA512

ecf0892e884ed36a735be007888f03c1fcb82b143dad5430177cd4ac9747f4a5840538206473a568537c08b36777e68b2fc51977a9818ae2a82591d2240a6afd
SSDEEP

98304:bI9vTZrgPNZyz5mOYoXyI/PLCvSmaRT+BcPNRZ5h5AHDfyRr8l5N:KTUN4z5mOzyQNNRZo

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
15	raw.githubusercontent.com
16	raw.githubusercontent.com
19	raw.githubusercontent.com
23	raw.githubusercontent.com

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe
4612	XAU.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4612	XAU.exe

C:\Users\Admin\AppData\Local\Temp\XAU.exe
"C:\Users\Admin\AppData\Local\Temp\XAU.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads