Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 20:30
Behavioral task: behavioral1
Sample: Copped.exe
Resource: win7-20240419-en, windows7-x64
3 signatures, 150 seconds
General
Target: Copped.exe
Size: 434KB
MD5: 61eb747d9aca2e32df170bfe5cd278ed
SHA1: e7086ca9616727f0d612c12e5e19200f98b35b26
SHA256: 2902b2d11793853c4ca9a23168b421afed4aacf0f345cc7ba955b2ae9cd61605
SHA512: 6ea3dffbfb9071c506affd7b1c6f4cc3d6c911775b4df31adb8f25c75d99f536c67fcdddf4d107d1f6e969d6155fef738015d756ed8b936ca7f354ba554a8952
SSDEEP: 12288:xoZZL+EP8MzMQQWRJ6TvSgR1ExP42u9ODA53:zI86MQQWRJ6TvSgR1Ext
Malware Config
Signatures
Detect Umbral payload (1 IoCs)
  resource: behavioral1/memory/1648-1-0x00000000012F0000-0x0000000001362000-memory.dmp
  yara_rule: family_umbral
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeDebugPrivilege
  pid: 1648
  Process: Copped.exe