Analysis

  • max time kernel
    134s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/08/2024, 20:44

General

  • Target

    The.Sapling.v11.30/The.Sapling.v11.30/the_sapling.exe

  • Size

    22.4MB

  • MD5

    a55e79e51bf43dec2001efb124a2c1a0

  • SHA1

    2585f4c079bd1d0a45ae67c098737b6308e7534b

  • SHA256

    40d3819ec4ad62539ebf6d65f55c195f90d7305cb4c51c567f01716e831ef282

  • SHA512

    88bf57278c33816ca785202acb7d80d87906e3f8f39ba45c403e7ce39ba6474a22e79fbcdc5d64270d7a886cadc8c585c5157618ba2da4230442e27cfdddfac8

  • SSDEEP

    393216:sbIjpwyjlK2m5MM2cf9WPBK53E2vaPvWfpXJu4+Ahze:l2Tu4VN

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\The.Sapling.v11.30\The.Sapling.v11.30\the_sapling.exe
    "C:\Users\Admin\AppData\Local\Temp\The.Sapling.v11.30\The.Sapling.v11.30\the_sapling.exe"
    1⤵
      PID:760
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x490 0x394
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2104

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/760-1-0x0000000004D10000-0x0000000004E10000-memory.dmp

      Filesize

      1024KB

    • memory/760-0-0x0000000005360000-0x0000000005460000-memory.dmp

      Filesize

      1024KB

    • memory/760-2-0x0000000005360000-0x0000000005460000-memory.dmp

      Filesize

      1024KB

    • memory/760-3-0x0000000004D10000-0x0000000004E10000-memory.dmp

      Filesize

      1024KB