Analysis

  • max time kernel
    79s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 02:54

General

  • Target

    aircrack-ng-1.1-win/bin/airtun-ng.exe

  • Size

    205KB

  • MD5

    3fa24f822da697d2d0f9d5d30d06a6c8

  • SHA1

    3b72c542cd4202e0c245db073c5991a1125563e3

  • SHA256

    57d36c45d76f72ef0b459c7130b24e9349e0ad75ef114510bcf2c3a314b6da3e

  • SHA512

    bf99fb85fa3bb4cd16002857ef7e924fbd0dac2a3113fceb4d73d774ff7e5fc9de46ad986e9e70e57aab2892db054999bc06378c11c5e66c634e99fa6ee385a5

  • SSDEEP

    3072:De6E9GKKzEyexurGP1eJ8T8mjECExmBvoWivChF3IdIRXmIsQ:qr9x1eC8mlEmBvHF3RsQ

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aircrack-ng-1.1-win\bin\airtun-ng.exe
    "C:\Users\Admin\AppData\Local\Temp\aircrack-ng-1.1-win\bin\airtun-ng.exe"
    • Suspicious use of WriteProcessMemory
    PID:4492
    • C:\Users\Admin\AppData\Local\Temp\aircrack-ng-1.1-win\bin\airtun-ng.exe
      "C:\Users\Admin\AppData\Local\Temp\aircrack-ng-1.1-win\bin\airtun-ng.exe"
      • Suspicious use of AdjustPrivilegeToken
      PID:688

Network

MITRE ATT&CK Matrix

Downloads
