Analysis

  • max time kernel
    92s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-12-2024 06:15

General

  • Target

    ebea026943b6e923a147fff8cc82f1b03b0ead796272c5d4de268563be321b87N.exe

  • Size

    138KB

  • MD5

    03761d8dac7329f4615f845c2af68020

  • SHA1

    0f7609cec5364fedca06126ca22c2d08d8a7a781

  • SHA256

    ebea026943b6e923a147fff8cc82f1b03b0ead796272c5d4de268563be321b87

  • SHA512

    e491988e9f6e327a3d2cfaee8b7af5246f0bacebd1f07834c796cb2bf0514fb12af6d9415016f12ddd1f36c2ced74d9ab0b31d76f5680951dfccc7a059a380ec

  • SSDEEP

    3072:pGyxO6HAjmjaa8OP7BJhi5fkuJ3hevv9CMqK:FOeAija07FhRvvr

Malware Config

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot8096061409:AAHjfIm6J1pNB64BDGreFzTd6Z4HVJYTZUo/sendDocument

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebea026943b6e923a147fff8cc82f1b03b0ead796272c5d4de268563be321b87N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ebea026943b6e923a147fff8cc82f1b03b0ead796272c5d4de268563be321b87N.exe"
    PID: 4176
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4176-1-0x00007FFE84C83000-0x00007FFE84C85000-memory.dmp
    Filesize: 8KB

  • memory/4176-0-0x00000208E5AE0000-0x00000208E5B08000-memory.dmp
    Filesize: 160KB

  • memory/4176-2-0x00007FFE84C80000-0x00007FFE85741000-memory.dmp
    Filesize: 10.8MB

  • memory/4176-4-0x00007FFE84C80000-0x00007FFE85741000-memory.dmp
    Filesize: 10.8MB