Analysis
-
max time kernel
137s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
24-06-2024 19:16
Static task
static1
Behavioral task
behavioral1
Sample
MCENTERS 5.0/MCenters 5.0.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
MCENTERS 5.0/MCenters 5.0.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
MCENTERS 5.0/VC_redist.x64.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
MCENTERS 5.0/VC_redist.x64.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
MCENTERS 5.0/VC_redist.x86.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
MCENTERS 5.0/VC_redist.x86.exe
Resource
win10v2004-20240226-en
General
-
Target
MCENTERS 5.0/MCenters 5.0.exe
-
Size
249KB
-
MD5
4ca328d332c4aa17ca7032dad1b45b00
-
SHA1
f0e94f2fb686fc4670d61b3f6631541d266a3918
-
SHA256
485a89a78b8af031106f2b6052e2447b2fb7a6300129dbca4ff554adb9b24c1d
-
SHA512
fc21c3f80ff5eec11c335d67d519fdf19339bafd79fcd0b00cf30a8c77a3e51223c99fd99389388bd5b9531815db0a2d5f7ad22a7c58fd27d1509289ba82ed4d
-
SSDEEP
3072:uUhELNdJqNOXJfBkWRWdQ831x6wpl3ny2zXeV2nU0ssiyV+WPrfcVblcZSuQ:uZL7kwXp6jyADnUUiScZOZSu
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
MCenters 5.0.exedescription pid process Token: SeDebugPrivilege 5080 MCenters 5.0.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\MCENTERS 5.0\MCenters 5.0.exe"C:\Users\Admin\AppData\Local\Temp\MCENTERS 5.0\MCenters 5.0.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5080
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3716 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:81⤵PID:4696