Overview

overview

10

Static

static

10

0x00070000...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    105s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/04/2025, 12:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x0007000000024246-80.exe

  • Size

    303KB

  • MD5

    c1bd28d151c9557fc0b441f864c7b3d0

  • SHA1

    330ba588d809c8908468178b548afc6ed26fb91a

  • SHA256

    a9136c89f82063ae8f594293fd8738c407eb551c00b04ff147e1e58fbdbab422

  • SHA512

    8126a8741988df068c23911eea05eb28a57222587a3f9a722aed497da89981012c7cc44ff0b51f7d9436b536b1468403ac0276b153d70ee85ec0d77d4045a1ce

  • SSDEEP

    6144:Vz2ZNT6MDdbICydeBblLIGv2A5sA2s6pmA1D0zTq:Vzi5IGv20sEC1DIq

Score
10/10
44caliberspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1324859273448128522/35NX8pTWSAG9BYKMS0plx5Cvuvs_8H5JGZj2A702Gn1FEZ64KTjaAl3gNKdJNc1eYdeY

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x0007000000024246-80.exe
    "C:\Users\Admin\AppData\Local\Temp\0x0007000000024246-80.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:5332

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5332-0-0x00007FFA07953000-0x00007FFA07955000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5332-1-0x0000020B4D430000-0x0000020B4D482000-memory.dmp

    Filesize

    328KB

    Download

  • memory/5332-30-0x00007FFA07950000-0x00007FFA08411000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5332-31-0x00007FFA07950000-0x00007FFA08411000-memory.dmp

    Filesize

    10.8MB

    Download