Overview

overview

1

Static

static

1

ProAI_Installer.exe

windows10-2004-x64

1

Resubmissions

01/10/2024, 10:46

241001-mve3gszaqa 1

23/09/2024, 13:39

240923-qxy5xsxfrj 1

Analysis

  • max time kernel
    1095s
  • max time network
    1139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2024, 10:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ProAI_Installer.exe

  • Size

    51.5MB

  • MD5

    22d0e2d0845b6eddb9d894448f7e3ed3

  • SHA1

    80e6c96edeb4c4677e0bee2cf659e0a81eaf2bc2

  • SHA256

    496b7707e779c1aa2d22954037f5df17a0e528f4f3e97f89cbf40c795c57e36c

  • SHA512

    73d5564fb6d8686a7068962a6743f927fa4f246d0d0fa4fe36418bee10a490151a62e32a9d75f3cf24bcf4d15c2fd5c5d4bc467730c915c21d63b160cc5bbc11

  • SSDEEP

    1572864:HmrYamSMSqfgGXMMwTrqqp9rVeZjjuB7Npd3Xo:Gr1mv9fgYo3p9Z2KjX

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ProAI_Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\ProAI_Installer.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4668
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:696

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4668-0-0x00007FFF127F3000-0x00007FFF127F5000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4668-1-0x000002352C970000-0x000002352FCEE000-memory.dmp

            Filesize

            51.5MB

            Download

          • memory/4668-2-0x00007FFF127F0000-0x00007FFF132B1000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/4668-3-0x000002354DB20000-0x000002354E048000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/4668-4-0x00007FFF127F3000-0x00007FFF127F5000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4668-5-0x00007FFF127F0000-0x00007FFF132B1000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/4668-7-0x00007FFF127F0000-0x00007FFF132B1000-memory.dmp

            Filesize

            10.8MB

            Download