Overview

overview

6

Static

static

3

2164e1e419...0N.exe

windows7-x64

6

2164e1e419...0N.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    120s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/09/2024, 22:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2164e1e41979afc0257617b3e73faaa0N.exe

  • Size

    3.8MB

  • MD5

    2164e1e41979afc0257617b3e73faaa0

  • SHA1

    1d968b6def0f7b05711924cfbf4a8927105d2355

  • SHA256

    26373132138c5833a3fc642923f9d7e423732de484891b9a94187afcfaa88f1a

  • SHA512

    040967a20a8d5ba8944fb2ff2a99c75b987278be3299f9f34fdbed854f75cc2488cbd47d1b93915a3b8ff6bb76ed380a0493a20053890606a4820d91736621f9

  • SSDEEP

    24576:GRcRcygSAthXLy3rftdfwmTKxmRp5fAZUlIC66ExMNcVOEjagNIow+tZGIAErvLb:FG3JJHRjJ+gP2KVybvGGRoQBU

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2164e1e41979afc0257617b3e73faaa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2164e1e41979afc0257617b3e73faaa0N.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4372-0-0x00007FFF2CB43000-0x00007FFF2CB45000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4372-1-0x0000000000ED0000-0x00000000012A6000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/4372-2-0x000000001BF50000-0x000000001C136000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4372-3-0x00007FFF2CB40000-0x00007FFF2D601000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4372-4-0x000000001BF10000-0x000000001BF22000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4372-5-0x000000001EC80000-0x000000001ECBC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4372-7-0x00007FFF2CB40000-0x00007FFF2D601000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4372-8-0x00007FFF2CB40000-0x00007FFF2D601000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4372-9-0x00007FFF2CB43000-0x00007FFF2CB45000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4372-10-0x00007FFF2CB40000-0x00007FFF2D601000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4372-11-0x00007FFF2CB40000-0x00007FFF2D601000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4372-12-0x00007FFF2CB40000-0x00007FFF2D601000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4372-13-0x00007FFF2CB40000-0x00007FFF2D601000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4372-14-0x00007FFF2CB40000-0x00007FFF2D601000-memory.dmp

    Filesize

    10.8MB

    Download