Malware Analysis Report

2025-04-14 03:49

Sample ID 240612-xc6slavhrf
Target 70dc6b10fdd33612ca1ace7c466c80d314ce30f507b6eb6c0ac7ed4b4e8b0015.exe
SHA256 70dc6b10fdd33612ca1ace7c466c80d314ce30f507b6eb6c0ac7ed4b4e8b0015
Score

3/10


Analysis Overview

Score

3/10

SHA256

70dc6b10fdd33612ca1ace7c466c80d314ce30f507b6eb6c0ac7ed4b4e8b0015

Threat Level: Likely benign

The file 70dc6b10fdd33612ca1ace7c466c80d314ce30f507b6eb6c0ac7ed4b4e8b0015.exe was found to be: Likely benign.

Malicious Activity Summary

- Unsigned PE
- Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:43

Signatures

Unsigned PE

Description: N/A
Indicator: N/A
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:43

Reported

2024-06-12 18:46

Platform

win7-20240508-en

Max time kernel

121s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\70dc6b10fdd33612ca1ace7c466c80d314ce30f507b6eb6c0ac7ed4b4e8b0015.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description: Token: SeDebugPrivilege
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\70dc6b10fdd33612ca1ace7c466c80d314ce30f507b6eb6c0ac7ed4b4e8b0015.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\70dc6b10fdd33612ca1ace7c466c80d314ce30f507b6eb6c0ac7ed4b4e8b0015.exe

"C:\Users\Admin\AppData\Local\Temp\70dc6b10fdd33612ca1ace7c466c80d314ce30f507b6eb6c0ac7ed4b4e8b0015.exe"

Network

Country   Destination   Domain           Proto
US        8.8.8.8:53    www.google.com   udp

Files

memory/1976-0-0x00000000740DE000-0x00000000740DF000-memory.dmp

memory/1976-1-0x00000000010A0000-0x00000000011B4000-memory.dmp

memory/1976-2-0x00000000740D0000-0x00000000747BE000-memory.dmp

memory/1976-3-0x00000000740D0000-0x00000000747BE000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:43

Reported

2024-06-12 18:46

Platform

win10v2004-20240508-en

Max time kernel

51s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\70dc6b10fdd33612ca1ace7c466c80d314ce30f507b6eb6c0ac7ed4b4e8b0015.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description: Token: SeDebugPrivilege
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\70dc6b10fdd33612ca1ace7c466c80d314ce30f507b6eb6c0ac7ed4b4e8b0015.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\70dc6b10fdd33612ca1ace7c466c80d314ce30f507b6eb6c0ac7ed4b4e8b0015.exe

"C:\Users\Admin\AppData\Local\Temp\70dc6b10fdd33612ca1ace7c466c80d314ce30f507b6eb6c0ac7ed4b4e8b0015.exe"

Network

Country   Destination   Domain                 Proto
US        8.8.8.8:53    8.8.8.8.in-addr.arpa   udp
US        8.8.8.8:53    www.google.com         udp

Files

memory/5060-0-0x000000007478E000-0x000000007478F000-memory.dmp

memory/5060-1-0x0000000000360000-0x0000000000474000-memory.dmp

memory/5060-2-0x0000000005590000-0x0000000005B34000-memory.dmp

memory/5060-3-0x0000000004E80000-0x0000000004F12000-memory.dmp

memory/5060-4-0x0000000004F20000-0x0000000004FBC000-memory.dmp

memory/5060-5-0x0000000074780000-0x0000000074F30000-memory.dmp

memory/5060-7-0x0000000074780000-0x0000000074F30000-memory.dmp