f423254c861900965e5186819a6d2a8710aa9d60c5de7b2e5da097b19b153942

Analysis

max time kernel
128s
max time network
136s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
21/07/2024, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Pulzera.exe
Size

193KB
MD5

5193eb515c0330206527dc3f83650bfe
SHA1

b8278ad29661f59cec26394266f635ea5b674ce4
SHA256

f423254c861900965e5186819a6d2a8710aa9d60c5de7b2e5da097b19b153942
SHA512

930a2ccc697baf321f7451e02abbafea658c03cb074cab8363b9c3565a68cd8eba1bd4d991ad1ef5221b83a27b2c12e1902c29961d1972249bc1b86e87e036ba
SSDEEP

3072:5bzWNPsAnT6e5yRidFEupXvVxRXscNRy8BUmIfcIGGNLmy222t7iBL6kckTMGt8:5bKPiao4pXvVxRXsGRNIv222mL6kcYt

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	discord.com
2	discord.com

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3592	3340	WerFault.exe	70

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3340	Pulzera.exe

C:\Users\Admin\AppData\Local\Temp\Pulzera.exe
"C:\Users\Admin\AppData\Local\Temp\Pulzera.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3340
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 1640
  2⤵
  - Program crash
  PID:3592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3340-0-0x00007FFB513E0000-0x00007FFB515BB000-memory.dmp

Filesize
1.9MB

Download
memory/3340-1-0x0000000000A60000-0x0000000000A96000-memory.dmp

Filesize
216KB

Download
memory/3340-2-0x0000000005750000-0x0000000005C4E000-memory.dmp

Filesize
5.0MB

Download