Overview

overview

10

Static

static

10

c045a0feb2...94.exe

windows7-x64

10

c045a0feb2...94.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-07-2024 03:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c045a0feb21965b697ce7c6abcf68d94.exe

  • Size

    8.0MB

  • MD5

    c045a0feb21965b697ce7c6abcf68d94

  • SHA1

    bd60e3aa141a2ed4dbb11313be29fadc9fb50b6a

  • SHA256

    2a068fd9cec974e59a74ab132f781f9c69cb5b620e562f05d514d7720752ae64

  • SHA512

    013661d73b8140304a8578b9d903e9192aed82ce1dc244065284a5ae5ed83482e23a302dd164243959468bbd2b124e1b892373737f9c95ad85aba699159be20a

  • SSDEEP

    6144:RloZM+rIkd8g+EtXHkv/iD4TNXVBoOJBiPHaIJtM1ub8e1m6i:joZtL+EP8xXVBoOJBiPHaIJtMEA

Score
10/10
umbralstealer

Malware Config

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c045a0feb21965b697ce7c6abcf68d94.exe
    "C:\Users\Admin\AppData\Local\Temp\c045a0feb21965b697ce7c6abcf68d94.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1968-0-0x00000187BF070000-0x00000187BF0B0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1968-1-0x00007FFB795C3000-0x00007FFB795C5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1968-2-0x00007FFB795C0000-0x00007FFB7A081000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1968-3-0x00007FFB795C0000-0x00007FFB7A081000-memory.dmp

    Filesize

    10.8MB

    Download