Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    13/06/2024, 02:54

General

  • Target

    aircrack-ng-1.1-win/bin/airtun-ng.exe

  • Size

    205KB

  • MD5

    3fa24f822da697d2d0f9d5d30d06a6c8

  • SHA1

    3b72c542cd4202e0c245db073c5991a1125563e3

  • SHA256

    57d36c45d76f72ef0b459c7130b24e9349e0ad75ef114510bcf2c3a314b6da3e

  • SHA512

    bf99fb85fa3bb4cd16002857ef7e924fbd0dac2a3113fceb4d73d774ff7e5fc9de46ad986e9e70e57aab2892db054999bc06378c11c5e66c634e99fa6ee385a5

  • SSDEEP

    3072:De6E9GKKzEyexurGP1eJ8T8mjECExmBvoWivChF3IdIRXmIsQ:qr9x1eC8mlEmBvHF3RsQ

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aircrack-ng-1.1-win\bin\airtun-ng.exe
    "C:\Users\Admin\AppData\Local\Temp\aircrack-ng-1.1-win\bin\airtun-ng.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2552

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2552-0-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

  • memory/2552-4-0x0000000061000000-0x0000000061300000-memory.dmp

    Filesize

    3.0MB

  • memory/2552-3-0x0000000067F00000-0x0000000067F10000-memory.dmp

    Filesize

    64KB

  • memory/2552-1-0x000000006BA40000-0x000000006BB66000-memory.dmp

    Filesize

    1.1MB

  • memory/2552-2-0x0000000061000000-0x0000000061300000-memory.dmp

    Filesize

    3.0MB