2e96258f3dd21d059f59831295d32d324a849c87bc5a2149a49c97fcf5783558

Analysis

max time kernel
149s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
31/01/2025, 17:49 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25/unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
Size

1.3MB
MD5

5d3424428668d779f83f9798a6c4cc00
SHA1

a8df2536f0adc4d4c2ecfaba8b1d363d55f10b4a
SHA256

c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2
SHA512

81d54419fbea6e008cfbaf5559d0cf3d28abfe432b60cce04fb947f13e0a87bd97aa706ac870bb724474bd6c79e533dc98690afab6d1ac1e7b72f3e8d8ea3002
SSDEEP

24576:kz9GkqDjo0IVw226WctECfw+Jwz/S/67I7dK5HfGoeUQ5OKpmxGlid9YRg2V:wGjjo0Iu7gEow+W7SC7I7kfGorQ5EMS4

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2720	unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

C:\Users\Admin\AppData\Local\Temp\2024-12-25\unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25\unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2720

Network

DNS

67.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.160.190.20.in-addr.arpa

IN PTR

Response
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

11.153.16.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.153.16.2.in-addr.arpa

IN PTR

Response

11.153.16.2.in-addr.arpa

IN PTR

a2-16-153-11deploystaticakamaitechnologiescom
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

202.143.101.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.143.101.95.in-addr.arpa

IN PTR

Response

202.143.101.95.in-addr.arpa

IN PTR

a95-101-143-202deploystaticakamaitechnologiescom
DNS

167.173.78.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.173.78.104.in-addr.arpa

IN PTR

Response

167.173.78.104.in-addr.arpa

IN PTR

a104-78-173-167deploystaticakamaitechnologiescom
DNS

carbonmod.gg

unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

Remote address:

8.8.8.8:53

Request

carbonmod.gg

IN A

Response

carbonmod.gg

IN A

147.135.88.204
GET

https://carbonmod.gg/api/

unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

Remote address:

147.135.88.204:443

Request

GET /api/ HTTP/1.1
Host: carbonmod.gg
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 31 Jan 2025 18:02:28 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/json;charset=UTF-8
DNS

api.github.com

unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
GET

https://api.github.com/repos/OxideMod/Oxide.Rust/releases/latest

unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

Remote address:

20.26.156.210:443

Request

GET /repos/OxideMod/Oxide.Rust/releases/latest HTTP/1.1
User-Agent: My GitHub API Client
Host: api.github.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 31 Jan 2025 18:02:29 GMT
Content-Type: application/json; charset=utf-8
Cache-Control: public, max-age=60, s-maxage=60
Vary: Accept,Accept-Encoding, Accept, X-Requested-With
ETag: W/"e7e9317cf86010ade2a5adfb4ceece5286b747d04f477ed9845b59146fa5583f"
Last-Modified: Mon, 27 Jan 2025 12:31:04 GMT
X-GitHub-Media-Type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Content-Security-Policy: default-src 'none'
Server: github.com
Accept-Ranges: bytes
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 57
X-RateLimit-Reset: 1738347627
X-RateLimit-Resource: core
X-RateLimit-Used: 3
Content-Length: 5025
X-GitHub-Request-Id: FC02:3F94FA:65DDB1:86963E:679D1035
DNS

204.88.135.147.in-addr.arpa

Remote address:

8.8.8.8:53

Request

204.88.135.147.in-addr.arpa

IN PTR

Response

204.88.135.147.in-addr.arpa

IN PTR

ip204 ip-147-135-88us
DNS

whenisupdate.com

unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

Remote address:

8.8.8.8:53

Request

whenisupdate.com

IN A

Response

whenisupdate.com

IN A

167.235.225.8

whenisupdate.com

IN A

37.27.6.73

whenisupdate.com

IN A

65.109.167.113
DNS

210.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.156.26.20.in-addr.arpa

IN PTR

Response
DNS

197.87.175.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.87.175.4.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response

95.101.143.202:443

www.bing.com

tls

1.4kB
6.4kB
16
13
147.135.88.204:443

https://carbonmod.gg/api/

tls, http

unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

810 B
4.9kB
10
9

HTTP Request

GET https://carbonmod.gg/api/

HTTP Response

200
20.26.156.210:443

https://api.github.com/repos/OxideMod/Oxide.Rust/releases/latest

tls, http

unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

977 B
10.4kB
12
13

HTTP Request

GET https://api.github.com/repos/OxideMod/Oxide.Rust/releases/latest

HTTP Response

200
167.235.225.8:443

whenisupdate.com

unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

260 B
200 B
5
5
37.27.6.73:443

whenisupdate.com

unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

260 B
200 B
5
5
65.109.167.113:443

whenisupdate.com

unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

260 B
200 B
5
5

8.8.8.8:53

67.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

67.160.190.20.in-addr.arpa
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

11.153.16.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

11.153.16.2.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

202.143.101.95.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

202.143.101.95.in-addr.arpa
8.8.8.8:53

167.173.78.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

167.173.78.104.in-addr.arpa
8.8.8.8:53

carbonmod.gg

dns

unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

58 B
74 B
1
1

DNS Request

carbonmod.gg

DNS Response

147.135.88.204
8.8.8.8:53

api.github.com

dns

unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

60 B
76 B
1
1

DNS Request

api.github.com

DNS Response

20.26.156.210
8.8.8.8:53

204.88.135.147.in-addr.arpa

dns

73 B
109 B
1
1

DNS Request

204.88.135.147.in-addr.arpa
8.8.8.8:53

whenisupdate.com

dns

unknown-c9b4bcd53dae4000069befc3a53329f4ad7f104b8823fefe389ed280cde1c8e2.exe

62 B
110 B
1
1

DNS Request

whenisupdate.com

DNS Response

167.235.225.8

37.27.6.73

65.109.167.113
8.8.8.8:53

210.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

210.156.26.20.in-addr.arpa
8.8.8.8:53

197.87.175.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

197.87.175.4.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2720-0-0x00007FFAB3A33000-0x00007FFAB3A35000-memory.dmp

Filesize
8KB

Download
memory/2720-1-0x0000020553B50000-0x0000020553CA0000-memory.dmp

Filesize
1.3MB

Download
memory/2720-2-0x000002056E4D0000-0x000002056E52E000-memory.dmp

Filesize
376KB

Download
memory/2720-3-0x00007FFAB3A30000-0x00007FFAB44F1000-memory.dmp

Filesize
10.8MB

Download
memory/2720-4-0x00007FFAB3A30000-0x00007FFAB44F1000-memory.dmp

Filesize
10.8MB

Download
memory/2720-5-0x00007FFAB3A30000-0x00007FFAB44F1000-memory.dmp

Filesize
10.8MB

Download
memory/2720-6-0x00007FFAB3A30000-0x00007FFAB44F1000-memory.dmp

Filesize
10.8MB

Download
memory/2720-8-0x00007FFAB3A30000-0x00007FFAB44F1000-memory.dmp

Filesize
10.8MB

Download
memory/2720-7-0x0000020571730000-0x00000205717E0000-memory.dmp

Filesize
704KB

Download
memory/2720-9-0x00007FFAB3A30000-0x00007FFAB44F1000-memory.dmp

Filesize
10.8MB

Download
memory/2720-10-0x00000205720B0000-0x00000205720D2000-memory.dmp

Filesize
136KB

Download
memory/2720-11-0x00007FFAB3A33000-0x00007FFAB3A35000-memory.dmp

Filesize
8KB

Download
memory/2720-12-0x00007FFAB3A30000-0x00007FFAB44F1000-memory.dmp

Filesize
10.8MB

Download
memory/2720-13-0x00007FFAB3A30000-0x00007FFAB44F1000-memory.dmp

Filesize
10.8MB

Download
memory/2720-14-0x00007FFAB3A30000-0x00007FFAB44F1000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.