dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904 | Triage

Analysis

max time kernel
148s
max time network
119s
platform
windows7_x64
resource
win7
submitted
07/07/2020, 12:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904.exe
Size

104KB
MD5

809ff867d2cfe803ef4ae4102283b45c
SHA1

734807ef7b402219ab1badb5d5c1804639a465f9
SHA256

dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904
SHA512

94da64895176e6df7c20875a8bf411bb4e4f10688aac1dc3a76479e83719951f793beb2fd8c82bc2016ef824c19a8666d40b9f0762def2a3a2c150d2dca7ace3

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1516	dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1516	dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904.exe
Token: SeDebugPrivilege	1516	dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904.exe
Token: SeDebugPrivilege	1516	dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904.exe
Token: SeDebugPrivilege	1516	dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904.exe
Token: SeDebugPrivilege	1516	dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904.exe
Token: SeDebugPrivilege	1516	dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904.exe

C:\Users\Admin\AppData\Local\Temp\dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904.exe
"C:\Users\Admin\AppData\Local\Temp\dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads