Analysis

  • max time kernel
    121s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-08-2024 06:34

General

  • Target

    PAIcom/PAIcom/PAIcom.exe

  • Size

    59.8MB

  • MD5

    8cda69ad7ddbefb27fc0896e186c5dde

  • SHA1

    038ba33b62a71b4d234bca6f36fc854f32212287

  • SHA256

    ce4c19e71cc81384379846b79cbc4e3153d8b639355b4b95fa8cad32b28589af

  • SHA512

    2bb40ae549a9dbcd257e61a7e5640843b83f327d51f42d4a2790ec7513356445c9d6e221e8edf58a77bcecd9722e091003526c120bc0f045739296f8ada6e636

  • SSDEEP

    1572864:SEExeiBvL4+a8Jv+tODgsCkYphN4C+iVwUTJ2:SZ4oU4JW8yFNnv9T

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PAIcom\PAIcom\PAIcom.exe
    "C:\Users\Admin\AppData\Local\Temp\PAIcom\PAIcom\PAIcom.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2980

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2980-0-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

    Filesize

    4KB

  • memory/2980-1-0x0000000000B50000-0x0000000004714000-memory.dmp

    Filesize

    59.8MB

  • memory/2980-2-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

    Filesize

    4KB

  • memory/2980-3-0x0000000017500000-0x000000001B18A000-memory.dmp

    Filesize

    60.5MB

  • memory/2980-4-0x0000000074EA0000-0x000000007558E000-memory.dmp

    Filesize

    6.9MB

  • memory/2980-7-0x0000000074EA0000-0x000000007558E000-memory.dmp

    Filesize

    6.9MB

  • memory/2980-8-0x0000000074EA0000-0x000000007558E000-memory.dmp

    Filesize

    6.9MB
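The dump file names above encode the PID, a sequence number, and the start and end virtual address of each region the sandbox captured. The size column can be re-derived from those addresses, and the addresses also show that the two 4KB captures (0x74EAE000-0x74EAF000) lie inside the 6.9MB mapping at 0x74EA0000-0x7558E000 that is dumped three times, while the 59.8MB region at 0xB50000 matches the size of the submitted file. The following script is an added example, not part of the sandbox report; it parses the dump names copied from the list above, recomputes the sizes in the report's own KB/MB notation, and flags regions that are duplicates or contained in a larger one.

```python
import re
from dataclasses import dataclass

# File-name layout used by the report: memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Dump names copied from the report above (PID 2980).
REPORT_DUMPS = [
    "memory/2980-0-0x0000000074EAE000-0x0000000074EAF000-memory.dmp",
    "memory/2980-1-0x0000000000B50000-0x0000000004714000-memory.dmp",
    "memory/2980-2-0x0000000074EAE000-0x0000000074EAF000-memory.dmp",
    "memory/2980-3-0x0000000017500000-0x000000001B18A000-memory.dmp",
    "memory/2980-4-0x0000000074EA0000-0x000000007558E000-memory.dmp",
    "memory/2980-7-0x0000000074EA0000-0x000000007558E000-memory.dmp",
    "memory/2980-8-0x0000000074EA0000-0x000000007558E000-memory.dmp",
]


@dataclass(frozen=True)
class Region:
    pid: int
    idx: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    def contains(self, other: "Region") -> bool:
        """True when `other` lies strictly inside this region (same PID)."""
        return (self.pid == other.pid and self.start <= other.start
                and other.end <= self.end and self.size > other.size)


def parse_dump_name(name: str) -> Region:
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    return Region(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))


def human_size(n: int) -> str:
    """Format a byte count the way the report's Filesize column does (4KB, 59.8MB)."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    if n >= 1 << 10:
        return f"{n // (1 << 10)}KB"
    return f"{n}B"


def summarize(names: list[str]) -> list[dict]:
    """Per dump: derived size, whether the range was already dumped, and which
    earlier distinct region (if any) fully contains it."""
    regions = [parse_dump_name(n) for n in names]
    seen: dict[tuple[int, int, int], int] = {}
    out = []
    for r in regions:
        key = (r.pid, r.start, r.end)
        dup_of = seen.get(key)
        if dup_of is None:
            seen[key] = r.idx
        parents = sorted({o.idx for o in regions if o.contains(r)})
        out.append({
            "idx": r.idx,
            "range": f"0x{r.start:016X}-0x{r.end:016X}",
            "bytes": r.size,
            "size": human_size(r.size),
            "duplicate_of": dup_of,
            "inside": parents,
        })
    return out


if __name__ == "__main__":
    for row in summarize(REPORT_DUMPS):
        print(row)
```

Running it reproduces the report's Filesize column (4KB, 59.8MB, 4KB, 60.5MB, 6.9MB x3) and marks dumps 2, 7 and 8 as repeat captures of an earlier range; the 4KB regions are reported as inside region 4, which is the usual sign that the sandbox first captured a single page of a mapped module and later dumped the whole module.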