e66c8a51ec9b3aaa63ae4130539277eeb6cabce1d4c580c3128c81959023b1da

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-12-2024 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
Size

1.3MB
MD5

99b5653034c8b40bfa9b22ff0cd7f9dd
SHA1

bbc9d66614d4402d086287cd87a7caf0156abe67
SHA256

1c20f475a06d15b9d7ab0bf543c5b43fadeda3e6cc6b71e3f75ee9148e9a60bb
SHA512

50463b11e665d7eaafd7bf79f4c457ec524a165ab978968885708b2f19fc82fcabf66374afe64b71bb9f5d7f7dc8e19d872f1096133d8398e8e555c6023fa079
SSDEEP

24576:/if3rwGETRbnYvzxwiraXR9UXUWApZVbJ7sDSyH:g/uFgxXaB6FOTV7mH

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3164	Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe

C:\Users\Admin\AppData\Local\Temp\Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Mortal Shell v1.0-Build.08.13.21 Plus 15 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3164-0-0x00007FFEB3DF3000-0x00007FFEB3DF5000-memory.dmp

Filesize
8KB

Download
memory/3164-1-0x000002A331510000-0x000002A331542000-memory.dmp

Filesize
200KB

Download
memory/3164-2-0x00007FFEB3DF0000-0x00007FFEB48B1000-memory.dmp

Filesize
10.8MB

Download
memory/3164-3-0x00007FFEB3DF0000-0x00007FFEB48B1000-memory.dmp

Filesize
10.8MB

Download
memory/3164-6-0x00007FFEB3DF0000-0x00007FFEB48B1000-memory.dmp

Filesize
10.8MB

Download
memory/3164-7-0x00007FFEB3DF0000-0x00007FFEB48B1000-memory.dmp

Filesize
10.8MB

Download
memory/3164-9-0x00007FFEB3DF0000-0x00007FFEB48B1000-memory.dmp

Filesize
10.8MB

Download
memory/3164-16-0x00007FFEB3DF3000-0x00007FFEB3DF5000-memory.dmp

Filesize
8KB

Download
memory/3164-17-0x00007FFEB3DF0000-0x00007FFEB48B1000-memory.dmp

Filesize
10.8MB

Download
memory/3164-18-0x00007FFEB3DF0000-0x00007FFEB48B1000-memory.dmp

Filesize
10.8MB

Download
memory/3164-19-0x00007FFEB3DF0000-0x00007FFEB48B1000-memory.dmp

Filesize
10.8MB

Download
memory/3164-20-0x00007FFEB3DF0000-0x00007FFEB48B1000-memory.dmp

Filesize
10.8MB

Download
memory/3164-21-0x00007FFEB3DF0000-0x00007FFEB48B1000-memory.dmp

Filesize
10.8MB

Download
memory/3164-22-0x00007FFEB3DF0000-0x00007FFEB48B1000-memory.dmp

Filesize
10.8MB

Download