Analysis
- max time kernel: 147s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17-06-2024 21:19
Behavioral task
behavioral1
Sample: MM2farm.exe
Resource: win7-20240419-en, windows7-x64
14 signatures
150 seconds
General
- Target: MM2farm.exe
- Size: 231KB
- MD5: 512f439206e868cc2c2548b88c5d0b8c
- SHA1: 9460a24c9d5c9e4629f508f5b0711dc12719e43d
- SHA256: 7f3c593c069e2b61afce1a1d7dc5c4f4ed355d361223e6a7c24c6bf2c95b7962
- SHA512: 14f0c46cae699850d44ad973b9ffc8de39ea25e76153ff607df9ed1aae13cde115374c6b0a46b922859f7ac439dafe7ef285445c1291b789d5ad75c450b84f9b
- SSDEEP: 6144:xloZM+rIkd8g+EtXHkv/iD4C2+qlx8e1m5Vi:DoZtL+EP8P73
Malware Config
Signatures
- Detect Umbral payload (1 IoCs)
  resource: behavioral2/memory/232-0-0x000001E346890000-0x000001E3468D0000-memory.dmp
  yara_rule: family_umbral
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeDebugPrivilege
  pid: 232
  Process: MM2farm.exe