Overview

overview

5

Static

static

3

ce1bb5a321...0N.exe

windows7-x64

5

ce1bb5a321...0N.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    94s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/09/2024, 06:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce1bb5a3217868ebd6398b007b7ae570N.exe

  • Size

    55KB

  • MD5

    ce1bb5a3217868ebd6398b007b7ae570

  • SHA1

    05e479491cbcf31b36cd19752444cfa75fcbf64e

  • SHA256

    5dabc1175011c6033a80b70d93a1cdd6dfc2b984be671079a2c3f9516e85aba7

  • SHA512

    ebb44f4af2c7d88655cffc6a14f53bc046367c2affc8a10263a159d54a4c358190652c1d6bea46cd4377b628482581a64374d68e9b9d7c89ed67779f9d90e38f

  • SSDEEP

    768:xuJJfqbfZNv+tpRSbPq2bnOyC+JvIKV5Cr+u+H9l7a69qVLq/1A6cVPUTe/Zq:xu/mfZp+yLqHsgKj7u+Hja69qYA7Zq

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce1bb5a3217868ebd6398b007b7ae570N.exe
    "C:\Users\Admin\AppData\Local\Temp\ce1bb5a3217868ebd6398b007b7ae570N.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4388
    • C:\Users\Admin\AppData\Local\Temp\ce1bb5a3217868ebd6398b007b7ae570N.exe
      C:\Users\Admin\AppData\Local\Temp\ce1bb5a3217868ebd6398b007b7ae570N.exe
      2⤵
        PID:4660
      • C:\Users\Admin\AppData\Local\Temp\ce1bb5a3217868ebd6398b007b7ae570N.exe
        C:\Users\Admin\AppData\Local\Temp\ce1bb5a3217868ebd6398b007b7ae570N.exe
        2⤵
          PID:4544

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4388-0-0x00007FFAAD575000-0x00007FFAAD576000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4388-1-0x00007FFAAD2C0000-0x00007FFAADC61000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/4388-2-0x000000001BD90000-0x000000001BE36000-memory.dmp

        Filesize

        664KB

        Download

      • memory/4388-4-0x00007FFAAD2C0000-0x00007FFAADC61000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/4388-5-0x00007FFAAD2C0000-0x00007FFAADC61000-memory.dmp

        Filesize

        9.6MB

        Download