8b13d40ffb470f984837155e90b8dc17457a4c1153967fa9b0e9ed119dbfcfc0 | Triage

Analysis

max time kernel
251s
max time network
292s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/10/2024, 18:06

Sharing

Report Analysis Logs

General

Target

Orbit/cs2-dumper.exe
Size

1.8MB
MD5

5990b58f0f39446914bb6efe78c6d87d
SHA1

8cd1a0bf74920232c8e2044eef432dfc54bcda95
SHA256

eb794988a35cd238029b8523360d6232e9712dfae449f84d84c629c98c84ec6f
SHA512

52a2a50c42f859873f37e3121c42e3d63f8700278a27bead62af2dd2bd5a57541ba914f5fadf2836ceb7c3793bd0a2ef5f9d828c77874029a85d33d9629bfdb5
SSDEEP

49152:RiYL0D6PCP3bK7LzdMZEYeq8KEHaAdSVga+:RiI0Dq0gh

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2296	cs2-dumper.exe
2296	cs2-dumper.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2296	cs2-dumper.exe

C:\Users\Admin\AppData\Local\Temp\Orbit\cs2-dumper.exe
"C:\Users\Admin\AppData\Local\Temp\Orbit\cs2-dumper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads