dbbc9e640af23658de56eba2f5ec2152de38fa35f11343f0d2216b8b5d7967a8 | Triage

Analysis

max time kernel
38s
max time network
52s
platform
windows7_x64
resource
win7v200430
submitted
07-07-2020 10:23

Sharing

Report Analysis Logs

General

Target

84a0f9d46ca77c5ae10713f844cfedbd.exe
Size

20KB
MD5

84a0f9d46ca77c5ae10713f844cfedbd
SHA1

1e1cdc9cc03c026157bdc5dca1f9c0ee78de71aa
SHA256

dbbc9e640af23658de56eba2f5ec2152de38fa35f11343f0d2216b8b5d7967a8
SHA512

69cc6970ff185a0795257739a41864d69306468bc82cdddfec20b0239a00f562d8e0a012a7127c2bdae083da38e3700e0099b933436850e85137c5f7d1fe73ed

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 784	1388	84a0f9d46ca77c5ae10713f844cfedbd.exe	24
PID 1388 wrote to memory of 784	1388	84a0f9d46ca77c5ae10713f844cfedbd.exe	24
PID 1388 wrote to memory of 784	1388	84a0f9d46ca77c5ae10713f844cfedbd.exe	24
PID 1388 wrote to memory of 784	1388	84a0f9d46ca77c5ae10713f844cfedbd.exe	24

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1388	84a0f9d46ca77c5ae10713f844cfedbd.exe

C:\Users\Admin\AppData\Local\Temp\84a0f9d46ca77c5ae10713f844cfedbd.exe
"C:\Users\Admin\AppData\Local\Temp\84a0f9d46ca77c5ae10713f844cfedbd.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
PID:1388
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
  2⤵
  PID:784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads