e9e6a5e4d64f01b158801bbaead6aedfeeb8cd754e734d1471f591ca3e2c08f8

Submit
Reports

Overview

overview

Static

static

d92866420d...ea.exe

windows7-x64

d92866420d...ea.exe

windows10-2004-x64

d986bd8230...2e.exe

windows7-x64

d986bd8230...2e.exe

windows10-2004-x64

d9a7a84e51...74.exe

windows7-x64

d9a7a84e51...74.exe

windows10-2004-x64

d9cf29b555...3f.exe

windows7-x64

d9cf29b555...3f.exe

windows10-2004-x64

d9d8ce72be...b6.exe

windows7-x64

d9d8ce72be...b6.exe

windows10-2004-x64

da04c1cc45...42.exe

windows7-x64

da04c1cc45...42.exe

windows10-2004-x64

da2ab0267a...4d.exe

windows7-x64

da2ab0267a...4d.exe

windows10-2004-x64

da4889c628...ff.exe

windows7-x64

da4889c628...ff.exe

windows10-2004-x64

da73f61369...a3.exe

windows7-x64

da73f61369...a3.exe

windows10-2004-x64

dadf12489e...10.exe

windows7-x64

dadf12489e...10.exe

windows10-2004-x64

dae2049164...df.exe

windows7-x64

dae2049164...df.exe

windows10-2004-x64

db06d80b63...7f.exe

windows7-x64

db06d80b63...7f.exe

windows10-2004-x64

db0b5b8185...a6.exe

windows7-x64

db0b5b8185...a6.exe

windows10-2004-x64

db34bce8df...eb.exe

windows7-x64

db34bce8df...eb.exe

windows10-2004-x64

db41218c5e...fd.exe

windows7-x64

db41218c5e...fd.exe

windows10-2004-x64

db547399ad...cd.exe

windows7-x64

db547399ad...cd.exe

windows10-2004-x64

Analysis

max time kernel
101s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:17

Sharing

Copy URL

Twitter E-mail

Static task

static1

6 signatures

Behavioral task

behavioral1

Sample

d92866420d8daf87ded38ffc92b6a8db1cc13c93e7529db32979a5e52d9c0bea.exe

Resource

win7-20240903-en

defense_evasion execution trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

d92866420d8daf87ded38ffc92b6a8db1cc13c93e7529db32979a5e52d9c0bea.exe

Resource

win10v2004-20250314-en

defense_evasion execution trojan

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral3

Sample

d986bd823023960d3592fbd96b01a297d157c818c3eb3c141794f694fa97262e.exe

Resource

win7-20240903-en

discovery persistence

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral4

Sample

d986bd823023960d3592fbd96b01a297d157c818c3eb3c141794f694fa97262e.exe

Resource

win10v2004-20250314-en

discovery persistence

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral5

Sample

d9a7a84e51c67d1a641349c9195c4f74.exe

Resource

win7-20241010-en

dcrat defense_evasion execution infostealer persistence rat trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral6

Sample

d9a7a84e51c67d1a641349c9195c4f74.exe

Resource

win10v2004-20250314-en

dcrat defense_evasion execution infostealer persistence rat trojan

windows10-2004-x64

22 signatures

150 seconds

Behavioral task

behavioral7

Sample

d9cf29b5554af511c587d42fc89b333f.exe

Resource

win7-20240903-en

xworm execution persistence rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral8

Sample

d9cf29b5554af511c587d42fc89b333f.exe

Resource

win10v2004-20250314-en

xworm execution persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral9

Sample

d9d8ce72bea14182d0909964ca07a8b6.exe

Resource

win7-20240903-en

dcrat infostealer rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral10

Sample

d9d8ce72bea14182d0909964ca07a8b6.exe

Resource

win10v2004-20250314-en

dcrat infostealer rat

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral11

Sample

da04c1cc45ee3c15dfa9a951b1e3c8d2d3fe4caa814713749b9471f3d1d49442.exe

Resource

win7-20240903-en

dcrat execution infostealer rat

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral12

Sample

da04c1cc45ee3c15dfa9a951b1e3c8d2d3fe4caa814713749b9471f3d1d49442.exe

Resource

win10v2004-20250314-en

dcrat execution infostealer rat

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral13

Sample

da2ab0267a2a37786edfb78c7a6a694d.exe

Resource

win7-20240903-en

discovery persistence

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral14

Sample

da2ab0267a2a37786edfb78c7a6a694d.exe

Resource

win10v2004-20250314-en

nanocore defense_evasion discovery keylogger persistence spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral15

Sample

da4889c62855c58d6c05523169436f46cac74ad92b8e173c443bc8225cc8e7ff.exe

Resource

win7-20240729-en

remcos host discovery persistence rat spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral16

Sample

da4889c62855c58d6c05523169436f46cac74ad92b8e173c443bc8225cc8e7ff.exe

Resource

win10v2004-20250314-en

remcos host discovery persistence rat spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral17

Sample

da73f613691fb380fa55261dc95a520f5c8b90ecd91ee741b56cb3628ac259a3.exe

Resource

win7-20250207-en

collection credential_access discovery persistence spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral18

Sample

da73f613691fb380fa55261dc95a520f5c8b90ecd91ee741b56cb3628ac259a3.exe

Resource

win10v2004-20250314-en

collection credential_access discovery persistence spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral19

Sample

dadf12489ed76150718a6ef93c7fe010.exe

Resource

win7-20240903-en

dcrat defense_evasion execution infostealer rat trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral20

Sample

dadf12489ed76150718a6ef93c7fe010.exe

Resource

win10v2004-20250314-en

dcrat defense_evasion execution infostealer rat trojan

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral21

Sample

dae2049164a4504d985a9d3aa054939139e01691fe60d175d27fcad81b4b1fdf.exe

Resource

win7-20240903-en

collection credential_access discovery persistence spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral22

Sample

dae2049164a4504d985a9d3aa054939139e01691fe60d175d27fcad81b4b1fdf.exe

Resource

win10v2004-20250314-en

collection credential_access discovery persistence spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral23

Sample

db06d80b635eadd508aae82af68fb07f.exe

Resource

win7-20241010-en

xworm execution persistence rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral24

Sample

db06d80b635eadd508aae82af68fb07f.exe

Resource

win10v2004-20250314-en

xworm execution persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral25

Sample

db0b5b8185efd6ca7c3f569aec811ea6.exe

Resource

win7-20241010-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

db0b5b8185efd6ca7c3f569aec811ea6.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

db34bce8df2aa261ca6ff400843ca6eb.exe

Resource

win7-20240903-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

db34bce8df2aa261ca6ff400843ca6eb.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral29

Sample

db41218c5e70c47489a3c8e20c0a0402eb80c67f67b281503589430480d715fd.exe

Resource

win7-20241010-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral30

Sample

db41218c5e70c47489a3c8e20c0a0402eb80c67f67b281503589430480d715fd.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral31

Sample

db547399adb1223b51dd04ca54bc0dcd.exe

Resource

win7-20240903-en

defense_evasion execution trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral32

Sample

db547399adb1223b51dd04ca54bc0dcd.exe

Resource

win10v2004-20250314-en

defense_evasion execution trojan

windows10-2004-x64

17 signatures

150 seconds

Report Analysis Logs

General

Target

db41218c5e70c47489a3c8e20c0a0402eb80c67f67b281503589430480d715fd.exe
Size

13KB
MD5

52b818c373a9aba2551a9cc823485893
SHA1

3e69f6652ddd9108ae6b7c3735f108cc001c8115
SHA256

db41218c5e70c47489a3c8e20c0a0402eb80c67f67b281503589430480d715fd
SHA512

d9a32c4914e91b9724918732ef01a023fe07bcad6fb529bb6401663416c396b6477be974a76640ec17a91a592163f130c39695b00814fbe10d6ad94868c00007
SSDEEP

192:kLNSWs+WAyaSOmywSoF2pHb4i5yXDuLaE2v1OhbJQ+AN2XWEXWY:kLMymywtcpHb40CuL329hN+WEXW

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4160	db41218c5e70c47489a3c8e20c0a0402eb80c67f67b281503589430480d715fd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\db41218c5e70c47489a3c8e20c0a0402eb80c67f67b281503589430480d715fd.exe
"C:\Users\Admin\AppData\Local\Temp\db41218c5e70c47489a3c8e20c0a0402eb80c67f67b281503589430480d715fd.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4160-0-0x0000000000040000-0x000000000004A000-memory.dmp

Filesize
40KB

Download
memory/4160-1-0x00007FFFD38A3000-0x00007FFFD38A5000-memory.dmp

Filesize
8KB

Download
memory/4160-3-0x00007FFFD38A0000-0x00007FFFD4361000-memory.dmp

Filesize
10.8MB

Download
memory/4160-4-0x00007FFFD38A0000-0x00007FFFD4361000-memory.dmp

Filesize
10.8MB

Download