Analysis
max time kernel: 121s
max time network: 125s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 12-06-2024 18:25
Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
2024-06-12_11145f3c7b5280396dd8b36cc67267f1_snatch.exe
Resource
win7-20240221-en
2 signatures
150 seconds
General
Target: 2024-06-12_11145f3c7b5280396dd8b36cc67267f1_snatch.exe
Size: 24.7MB
MD5: 11145f3c7b5280396dd8b36cc67267f1
SHA1: 9c57ee77b39dcc05055c287dccd338bd8e7cf744
SHA256: 3118301d1e8a265d92c26a56630a30575847534f2b3ecc3f4de5bc0627b6b4a2
SHA512: 6a5bb85f79bc65d1ea2841c49b1be3c25eb30a320f7c416eb2a862c1268d7e80fd52670cebccc8753f25bb0168fd3c060c04edeb6f6a1c0471031eae696cd1bd
SSDEEP: 196608:eWOrf5mIzGtNYH8je1uqM+HHThsdVQBWG:eWCf5mAeNYH8sU+HzfB
Score: 9/10
Malware Config
Signatures
Detects Windows executables referencing non-Windows User-Agents 1 IoCs
Processes:
resource: behavioral1/memory/2728-11-0x0000000000400000-0x0000000001D2D000-memory.dmp
yara_rule: INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
2024-06-12_11145f3c7b5280396dd8b36cc67267f1_snatch.exe
description: Token: SeTakeOwnershipPrivilege
pid: 2728
Process: 2024-06-12_11145f3c7b5280396dd8b36cc67267f1_snatch.exe