Analysis

  • max time kernel
    13s
  • max time network
    14s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-08-2024 04:10

General

  • Target

    lenovo_mapper.exe

  • Size

    114KB

  • MD5

    f4e0ff8e62d325aaf57cb29717c8401a

  • SHA1

    c95f93afff7cb0eed6d5572c6eab8ceeed3da318

  • SHA256

    079e9484394d6d625e8b21d69bb24f6b4a3055fbfa996f13fcf69d31711b2fca

  • SHA512

    a8f0b0c41314bf4fae60861ee8b6cf0fdd6fb58bc3071b11c37b3962ccb93157bd016206ab5b233ed1809c347d18d539bd0b0e53e5db502a77462b2d21bdde78

  • SSDEEP

    3072:NCcSesQHsi4ulpGDk+cWUtsrVYY9jXTD+mJEqQyvET:Nn1tHsSlpGDPnOspYYFD+1yM

Score
8/10

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lenovo_mapper.exe
    "C:\Users\Admin\AppData\Local\Temp\lenovo_mapper.exe"
    1⤵
    • Sets service image path in registry
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c pause
      2⤵
        PID:4512

Network

MITRE ATT&CK Enterprise v15
