Analysis
- max time kernel: 13s
- max time network: 18s
- platform: windows7_x64
- resource: win7-20241010-en
- resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
- submitted: 22-10-2024 14:02
Static task: static1
Behavioral task: behavioral1
- Sample: Rundholterne89.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: Rundholterne89.exe
- Resource: win10v2004-20241007-en
Behavioral task: behavioral3
- Sample: Levitator/Exungulate.ps1
- Resource: win7-20241010-en
Behavioral task: behavioral4
- Sample: Levitator/Exungulate.ps1
- Resource: win10v2004-20241007-en
General
- Target: Levitator/Exungulate.ps1
- Size: 54KB
- MD5: 0d2ce39822e9236a380f4d1d53550e93
- SHA1: 8381b0e62708112dbfbed036650bf0667ec4476b
- SHA256: ed34db2a55a35c90b524d2448353eb73d28da7d7ff401477165c226ff25de9af
- SHA512: f365bb861db3fc6d29736b3f8c0377bb4f8318fff94bc96033ae208760082b529b8aea4cf79de9efa3608c79ac91fe57e19f26959831f621bba8816e1013afc3
- SSDEEP: 1536:L3ZsYDoSFyAkhotYr3XpNhdrWlR7uDZy4k:DiYMSFyVoANpy4k
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (pid, process):
  2344 powershell.exe
  2344 powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes (description, pid, process):
  Token: SeDebugPrivilege, 2344, powershell.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description, pid, process, target process):
  PID 2344 wrote to memory of 2760, 2344, powershell.exe, wermgr.exe
  PID 2344 wrote to memory of 2760, 2344, powershell.exe, wermgr.exe
  PID 2344 wrote to memory of 2760, 2344, powershell.exe, wermgr.exe
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Levitator\Exungulate.ps1
  PID: 2344
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\wermgr.exe (child of PID 2344)
    Command line: "C:\Windows\system32\wermgr.exe" "-outproc" "2344" "912"
    PID: 2760
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
- MD5: c9892eb1daf6c4337e8f24f86a9905a3
- SHA1: 4fa69503b7e972922a960ca676991b0e0e0cc559
- SHA256: d309a88b1862eef70893e5dc1e8ad47c6de11901bf6d86d75c96c6563ee7c48a
- SHA512: 66c062f7f29d69a2bbe6c4da10d3c5d063f07220bb4950e3685067bf386f48d792236b67e7e06716b780cd6926620df02ebcd68ad5a7ffa6812b85c454104450