Analysis

  • max time kernel
    143s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    29-08-2024 06:34

General

  • Target

    PAIcom/PAIcom/PAIcom.exe

  • Size

    59.8MB

  • MD5

    8cda69ad7ddbefb27fc0896e186c5dde

  • SHA1

    038ba33b62a71b4d234bca6f36fc854f32212287

  • SHA256

    ce4c19e71cc81384379846b79cbc4e3153d8b639355b4b95fa8cad32b28589af

  • SHA512

    2bb40ae549a9dbcd257e61a7e5640843b83f327d51f42d4a2790ec7513356445c9d6e221e8edf58a77bcecd9722e091003526c120bc0f045739296f8ada6e636

  • SSDEEP

    1572864:SEExeiBvL4+a8Jv+tODgsCkYphN4C+iVwUTJ2:SZ4oU4JW8yFNnv9T

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
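
The report does not say which API calls fired the two behavioural signatures on PID 1056. The following is an added example, not code from the sandbox or its rule set: a small matcher that runs over a constructed API-call trace in a hypothetical "<pid> <api>(<args>) -> <ret>" format and attributes hits to the two signature names used above. The indicator APIs (Win32 locale/language calls for T1614.001, AdjustTokenPrivileges for the token signature) and the PID 2204 entries are assumptions made for the example.

```python
"""Added example (not sandbox code): match a constructed API-call trace
against the two behavioural signatures in the report above. The trace
format "<pid> <api>(<args>) -> <ret>" and the indicator API lists are
assumptions; the report does not say which calls fired its signatures."""
import re
from collections import defaultdict

# Constructed trace lines; PID 1056 mirrors the process in the report,
# PID 2204 is invented to show per-process attribution.
SAMPLE_TRACE = """\
1056 GetUserDefaultUILanguage() -> 0x409
1056 GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_SISO3166CTRYNAME) -> "US"
1056 OpenProcessToken(0xffffffffffffffff, TOKEN_ADJUST_PRIVILEGES) -> 0x2a4
1056 LookupPrivilegeValueW(NULL, "SeDebugPrivilege") -> 1
1056 AdjustTokenPrivileges(0x2a4, FALSE, SE_PRIVILEGE_ENABLED) -> 1
1056 GetUserDefaultUILanguage() -> 0x409
1056 CreateFileW("C:\\Users\\Admin\\AppData\\Local\\Temp\\out.log") -> 0x1c8
2204 GetUserDefaultUILanguage() -> 0x407
"""

LINE_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*->\s*(?P<ret>.*)$"
)

SIG_LANG = "System Location Discovery: System Language Discovery"  # T1614.001
SIG_PRIV = "Suspicious use of AdjustPrivilegeToken"

# Win32 APIs commonly used to read the host's language/locale. This is an
# assumed indicator set for the example, not the sandbox's own rule.
LANGUAGE_DISCOVERY_APIS = {
    "GetUserDefaultUILanguage", "GetSystemDefaultUILanguage",
    "GetUserDefaultLangID", "GetSystemDefaultLangID",
    "GetLocaleInfoW", "GetLocaleInfoEx", "GetKeyboardLayoutList",
}


def parse_trace(text):
    """Turn trace lines into dicts; lines that do not fit the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            records.append(rec)
    return records


def match_signatures(records):
    """Return {signature name: [IoC records]}. One IoC per (pid, api) pair,
    so a process calling the same API in a loop is reported once."""
    hits = defaultdict(dict)
    for rec in records:
        key = (rec["pid"], rec["api"])
        if rec["api"] in LANGUAGE_DISCOVERY_APIS:
            hits[SIG_LANG].setdefault(key, rec)
        elif rec["api"] == "AdjustTokenPrivileges":
            hits[SIG_PRIV].setdefault(key, rec)
    return {sig: list(iocs.values()) for sig, iocs in hits.items()}


def signatures_by_pid(records):
    """Per-process view like the Processes section: pid -> sorted signature names."""
    out = defaultdict(set)
    for sig, iocs in match_signatures(records).items():
        for ioc in iocs:
            out[ioc["pid"]].add(sig)
    return {pid: sorted(sigs) for pid, sigs in out.items()}


if __name__ == "__main__":
    recs = parse_trace(SAMPLE_TRACE)
    for sig, iocs in match_signatures(recs).items():
        print(f"{sig}  {len(iocs)} IoCs")
        for ioc in iocs:
            print(f"  PID:{ioc['pid']} {ioc['api']}({ioc['args']}) -> {ioc['ret']}")
```

Deduplicating on (pid, api) keeps the IoC list readable when a sample polls the locale in a loop; if you need the full evidence chain (for instance the LookupPrivilegeValueW call naming SeDebugPrivilege that precedes AdjustTokenPrivileges), keep the raw records and only deduplicate when reporting.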

Processes

  • C:\Users\Admin\AppData\Local\Temp\PAIcom\PAIcom\PAIcom.exe
    "C:\Users\Admin\AppData\Local\Temp\PAIcom\PAIcom\PAIcom.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:1056

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/1056-0-0x00000000752CE000-0x00000000752CF000-memory.dmp

    Filesize

    4KB

  • memory/1056-1-0x0000000000010000-0x0000000003BD4000-memory.dmp

    Filesize

    59.8MB

  • memory/1056-2-0x00000000752CE000-0x00000000752CF000-memory.dmp

    Filesize

    4KB

  • memory/1056-3-0x00000000172F0000-0x000000001AF7A000-memory.dmp

    Filesize

    60.5MB

  • memory/1056-4-0x000000001E730000-0x000000001ECD4000-memory.dmp

    Filesize

    5.6MB

  • memory/1056-5-0x00000000752C0000-0x0000000075A70000-memory.dmp

    Filesize

    7.7MB

  • memory/1056-6-0x000000001E160000-0x000000001E1F2000-memory.dmp

    Filesize

    584KB

  • memory/1056-7-0x000000000C7A0000-0x000000000C7AA000-memory.dmp

    Filesize

    40KB

  • memory/1056-10-0x00000000752C0000-0x0000000075A70000-memory.dmp

    Filesize

    7.7MB

  • memory/1056-11-0x00000000752C0000-0x0000000075A70000-memory.dmp

    Filesize

    7.7MB

  • memory/1056-12-0x00000000752C0000-0x0000000075A70000-memory.dmp

    Filesize

    7.7MB
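
The dump names above encode the PID, a dump index and the virtual address range of each region; the Filesize field is just end minus start. The following is an added example, not part of the report or the sandbox's tooling: it parses those names, recomputes the sizes in the report's own KB/MB style, groups the entries into distinct regions (the 0x752C0000-0x75A70000 region was dumped four times, and the 4KB page at 0x752CE000 sits inside it), and finds the region whose size matches the sample's 59.8MB on-disk size. The naming scheme memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp is read off the entries above and assumed to hold for all of them.

```python
"""Added example (not sandbox code): parse the memory-dump names from the
Downloads list of the report and recompute the region sizes it shows.
The naming scheme memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp is
read off the entries above and assumed to hold for all of them."""
import re
from collections import OrderedDict

# The eleven dump names listed above, copied verbatim from the report.
DUMP_NAMES = [
    "memory/1056-0-0x00000000752CE000-0x00000000752CF000-memory.dmp",
    "memory/1056-1-0x0000000000010000-0x0000000003BD4000-memory.dmp",
    "memory/1056-2-0x00000000752CE000-0x00000000752CF000-memory.dmp",
    "memory/1056-3-0x00000000172F0000-0x000000001AF7A000-memory.dmp",
    "memory/1056-4-0x000000001E730000-0x000000001ECD4000-memory.dmp",
    "memory/1056-5-0x00000000752C0000-0x0000000075A70000-memory.dmp",
    "memory/1056-6-0x000000001E160000-0x000000001E1F2000-memory.dmp",
    "memory/1056-7-0x000000000C7A0000-0x000000000C7AA000-memory.dmp",
    "memory/1056-10-0x00000000752C0000-0x0000000075A70000-memory.dmp",
    "memory/1056-11-0x00000000752C0000-0x0000000075A70000-memory.dmp",
    "memory/1056-12-0x00000000752C0000-0x0000000075A70000-memory.dmp",
]

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split one dump name into pid, dump index and the [start, end) range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unexpected dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start or start % 0x1000 or end % 0x1000:
        # A dump covers whole pages, so both bounds must be page aligned.
        raise ValueError(f"bad range in {name!r}")
    return {"pid": int(m["pid"]), "idx": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def human_size(n):
    """Format a byte count the way the report's Filesize field does:
    whole KB below 1 MiB, one decimal place in MB above."""
    if n < 1024 * 1024:
        return f"{n // 1024}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def group_regions(names):
    """Map each distinct (pid, start, end) region to the dump indexes that
    captured it, in report order. A region dumped several times is the one
    to diff between dumps to see what changed in it."""
    regions = OrderedDict()
    for name in names:
        d = parse_dump_name(name)
        regions.setdefault((d["pid"], d["start"], d["end"]), []).append(d["idx"])
    return regions


def nested_regions(regions):
    """Pairs (inner, outer) where one dumped region lies inside another of
    the same process, e.g. a single page dumped before its whole module."""
    keys = list(regions)
    return [(a, b) for a in keys for b in keys
            if a != b and a[0] == b[0] and b[1] <= a[1] and a[2] <= b[2]]


def regions_with_size_label(names, label):
    """Regions whose formatted size equals a Filesize label from the report,
    e.g. "59.8MB" to find the region matching the sample's on-disk size."""
    return [key for key in group_regions(names)
            if human_size(key[2] - key[1]) == label]


if __name__ == "__main__":
    regions = group_regions(DUMP_NAMES)
    for (pid, start, end), idxs in regions.items():
        print(f"PID {pid} 0x{start:016X}-0x{end:016X} "
              f"{human_size(end - start):>7}  dumps {idxs}")
    for inner, outer in nested_regions(regions):
        print(f"0x{inner[1]:X}-0x{inner[2]:X} lies inside "
              f"0x{outer[1]:X}-0x{outer[2]:X}")
    print("on-disk size match:", regions_with_size_label(DUMP_NAMES, "59.8MB"))
```

The size check is a cheap sanity test on any such listing: a region whose recomputed size does not match the reported Filesize means the name was mangled in transit. Note that the index sequence above skips 8 and 9, so do not assume the indexes are contiguous when correlating dumps with other report sections.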