a1c7157e3d321dc5966c65601335e053edb2c4a1e6cf4f1f678b974a4f2dbf26

Submit
Reports

Overview

overview

Static

static

06ffb7bbd7...da3906

ubuntu-18.04-amd64

06ffb7bbd7...da3906

debian-9-armhf

06ffb7bbd7...da3906

debian-9-mips

06ffb7bbd7...da3906

debian-9-mipsel

154080c584...95.msi

windows7-x64

154080c584...95.msi

windows10-2004-x64

1650ced30c...c5.exe

windows7-x64

1650ced30c...c5.exe

windows10-2004-x64

1a70a7de8a...4a.exe

windows7-x64

1a70a7de8a...4a.exe

windows10-2004-x64

ISSUES INV....1.exe

windows7-x64

ISSUES INV....1.exe

windows10-2004-x64

350fbd43ce...ed.exe

windows7-x64

350fbd43ce...ed.exe

windows10-2004-x64

44faf11719...12.exe

windows7-x64

44faf11719...12.exe

windows10-2004-x64

4853dc09bb...6.html

windows7-x64

4853dc09bb...6.html

windows10-2004-x64

4ba637df90...3f4a9e

ubuntu-22.04-amd64

4f8c1840d6...92df06

ubuntu-22.04-amd64

623534bf15...72.vbs

windows7-x64

623534bf15...72.vbs

windows10-2004-x64

65df637db2...00083b

ubuntu-22.04-amd64

717ad3ee2b...47.dll

windows7-x64

717ad3ee2b...47.dll

windows10-2004-x64

71ba20bdd8...99.pps

windows7-x64

71ba20bdd8...99.pps

windows10-2004-x64

7696fa9654...4f.exe

windows7-x64

7696fa9654...4f.exe

windows10-2004-x64

89ab99f572...b8.exe

windows7-x64

89ab99f572...b8.exe

windows10-2004-x64

8bcc9ea07a...a8.dll

windows7-x64

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 07:41

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx jupyter

6 signatures

Behavioral task

behavioral1

Sample

06ffb7bbd7dd6a47bd3fdb77f86e2bc3b3a9d0112496eed24f75581164da3906

Resource

ubuntu1804-amd64-20240611-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

06ffb7bbd7dd6a47bd3fdb77f86e2bc3b3a9d0112496eed24f75581164da3906

Resource

debian9-armhf-20240418-en

debian-9-armhf

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

06ffb7bbd7dd6a47bd3fdb77f86e2bc3b3a9d0112496eed24f75581164da3906

Resource

debian9-mipsbe-20240611-en

debian-9-mips

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

06ffb7bbd7dd6a47bd3fdb77f86e2bc3b3a9d0112496eed24f75581164da3906

Resource

debian9-mipsel-20240729-en

debian-9-mipsel

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

154080c5844ed76332320fcf3f1773391d80200f18f9025fd05b55b86f8ff795.msi

Resource

win7-20240903-en

discovery persistence privilege_escalation

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral6

Sample

154080c5844ed76332320fcf3f1773391d80200f18f9025fd05b55b86f8ff795.msi

Resource

win10v2004-20241007-en

discovery persistence privilege_escalation

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral7

Sample

1650ced30cfb68451bb432b44f72fa93687d95d83f70fa039658d8cb665508c5.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

1650ced30cfb68451bb432b44f72fa93687d95d83f70fa039658d8cb665508c5.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

1a70a7de8a393638b80336e9d2b225c2fd199d9d3eed3ad2c007656cc20c2b4a.exe

Resource

win7-20240903-en

cryptbot discovery spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral10

Sample

1a70a7de8a393638b80336e9d2b225c2fd199d9d3eed3ad2c007656cc20c2b4a.exe

Resource

win10v2004-20241007-en

cryptbot credential_access discovery spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral11

Sample

ISSUES INVOICE E-4136 REV.1.exe

Resource

win7-20241010-en

xloader u9pi discovery loader rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral12

Sample

ISSUES INVOICE E-4136 REV.1.exe

Resource

win10v2004-20241007-en

xloader u9pi discovery loader rat

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral13

Sample

350fbd43ce6f7d1d3d636aa5b94187d4dcc8e866527cfdc9c9ce226aea3500ed.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

350fbd43ce6f7d1d3d636aa5b94187d4dcc8e866527cfdc9c9ce226aea3500ed.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

44faf11719b3a679e7a6dd5db40033ec4dd6e1b0361c145b81586cb735a64112.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral16

Sample

44faf11719b3a679e7a6dd5db40033ec4dd6e1b0361c145b81586cb735a64112.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral17

Sample

4853dc09bbd4a61610a354d5fcd0f9e376e284124c5ff949ba49457eed1f55f6.html

Resource

win7-20240903-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral18

Sample

4853dc09bbd4a61610a354d5fcd0f9e376e284124c5ff949ba49457eed1f55f6.html

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral19

Sample

4ba637df90076330cdace697a87aafc6dd1d1b3a35b4ad924aad80aa7c3f4a9e

Resource

ubuntu2204-amd64-20240611-en

ubuntu-22.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

4f8c1840d692d8248f3b7cb478acfbb7e65bdeecd64790a163eaa0db5592df06

Resource

ubuntu2204-amd64-20240522.1-en

ubuntu-22.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

623534bf150f2538edb27e51ed56b92f464adb5da8e2db378ec3a666fcb64772.vbs

Resource

win7-20241023-en

asyncrat default discovery rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral22

Sample

623534bf150f2538edb27e51ed56b92f464adb5da8e2db378ec3a666fcb64772.vbs

Resource

win10v2004-20241007-en

asyncrat default discovery rat

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral23

Sample

65df637db227ff1685bdf82ab676de4ed70bffd4c96e6cde70d575217700083b

Resource

ubuntu2204-amd64-20240729-en

ubuntu-22.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

717ad3ee2b9ae94aac5bd01bce9bb945d8c620e3a60f241864dede3646f3dd47.dll

Resource

win7-20240903-en

trickbot zev1 banker discovery trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral25

Sample

717ad3ee2b9ae94aac5bd01bce9bb945d8c620e3a60f241864dede3646f3dd47.dll

Resource

win10v2004-20241007-en

trickbot zev1 banker discovery trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral26

Sample

71ba20bdd899fde2a4e2967bc6c719f2c96146cc80c3dd8953431cb82d4df199.pps

Resource

win7-20240903-en

discovery

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral27

Sample

71ba20bdd899fde2a4e2967bc6c719f2c96146cc80c3dd8953431cb82d4df199.pps

Resource

win10v2004-20241007-en

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral28

Sample

7696fa96542ff737b9eb4152fb3e2c0c04c5972d724d93efe7666fb4b7038f4f.exe

Resource

win7-20241010-en

discovery

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral29

Sample

7696fa96542ff737b9eb4152fb3e2c0c04c5972d724d93efe7666fb4b7038f4f.exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

89ab99f5721b691e5513f4192e7c96eb0981ddb6c2d2b94c1a32e2df896397b8.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral31

Sample

89ab99f5721b691e5513f4192e7c96eb0981ddb6c2d2b94c1a32e2df896397b8.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral32

Sample

8bcc9ea07aa49b1c774327cb2fffaea269806805538b40aa8b7d2a89b8cfbca8.dll

Resource

win7-20241010-en

discovery

windows7-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

44faf11719b3a679e7a6dd5db40033ec4dd6e1b0361c145b81586cb735a64112.exe
Size

31KB
MD5

3a3d600ad9c9615f18003620a1bf5f28
SHA1

7b3b3b8aa37ca78c46ec2774784cf51d190733e8
SHA256

44faf11719b3a679e7a6dd5db40033ec4dd6e1b0361c145b81586cb735a64112
SHA512

b534f6f93c6679f9cf24361f763859fce6d6fadc684e35de7f9e90f6c2b7427d54204e1e30818bfe67e18c8594cdfde8cd398900b1fbb94f413ea6624826dc67
SSDEEP

384:PIRHc6dhencpSTiTvOmEcCyISjl2GujXX4o9+qHYVD2C5tFjbymX8zaRbm3o8a2M:gVWnE/hrujXXj8W2jRb6Hnwxt3J

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

44faf11719b3a679e7a6dd5db40033ec4dd6e1b0361c145b81586cb735a64112.exe

description	pid	Process
Token: SeDebugPrivilege	2512	44faf11719b3a679e7a6dd5db40033ec4dd6e1b0361c145b81586cb735a64112.exe

Processes

C:\Users\Admin\AppData\Local\Temp\44faf11719b3a679e7a6dd5db40033ec4dd6e1b0361c145b81586cb735a64112.exe
"C:\Users\Admin\AppData\Local\Temp\44faf11719b3a679e7a6dd5db40033ec4dd6e1b0361c145b81586cb735a64112.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2512-0-0x000007FEF569E000-0x000007FEF569F000-memory.dmp

Filesize
4KB

Download
memory/2512-1-0x000007FEF53E0000-0x000007FEF5D7D000-memory.dmp

Filesize
9.6MB

Download