Overview

overview

6

Static

static

3

eba221de18...af.exe

windows7-x64

1

eba221de18...af.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 10:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eba221de1897d0121f15d7b751f10f0135d68822e6fe0f423d6f34aa18963faf.exe

  • Size

    32.8MB

  • MD5

    9bb40b0d9d7190396fc11bf8e6dd1889

  • SHA1

    639fdf34eac1439547b6f4b2accfacde703419d1

  • SHA256

    eba221de1897d0121f15d7b751f10f0135d68822e6fe0f423d6f34aa18963faf

  • SHA512

    5982ca1c7c227f8ebaa987217c451ec9004a62abdb8cd6df8a166ef3f934735e121ea3a7cc1aa54022aede00cc61fb38db2fc0062e5936272dc87098aac96914

  • SSDEEP

    196608:I+eMdECjbcH6IuAoR4KK2TWN5fIM2MqGLU46cJuzIB/D:I+YCjTIMLYRwqP6cv

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eba221de1897d0121f15d7b751f10f0135d68822e6fe0f423d6f34aa18963faf.exe
    "C:\Users\Admin\AppData\Local\Temp\eba221de1897d0121f15d7b751f10f0135d68822e6fe0f423d6f34aa18963faf.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2044-1-0x00007FF662440000-0x00007FF66458B000-memory.dmp

    Filesize

    33.3MB

    Download

  • memory/2044-7-0x00007FF662440000-0x00007FF66458B000-memory.dmp

    Filesize

    33.3MB

    Download

  • memory/2044-10-0x00007FF662440000-0x00007FF66458B000-memory.dmp

    Filesize

    33.3MB

    Download

  • memory/2044-14-0x00007FF662440000-0x00007FF66458B000-memory.dmp

    Filesize

    33.3MB

    Download