ed1a371e8918f6f1dde9fad1e3edb2c984ea3704217e2bca5b2489b61d1bc56e | Triage

Analysis

max time kernel
122s
max time network
121s
platform
windows10_x64
resource
win10
submitted
08-07-2020 07:20

Sharing

Report Analysis Logs

General

Target

b00d56d99248f7ae074a2e8aab07c67d.exe
Size

20KB
MD5

b00d56d99248f7ae074a2e8aab07c67d
SHA1

5f4e91de606bb79eff2f4520ecacaecf550be7a0
SHA256

ed1a371e8918f6f1dde9fad1e3edb2c984ea3704217e2bca5b2489b61d1bc56e
SHA512

edcb6bf295a43c48d57d6a9b1d30809ce2372ff11235e7302ebb954a81ae7583d49902ed88c34408e965d91b30c0ee51727ddce5799b24e9645bef02594547bb

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

b00d56d99248f7ae074a2e8aab07c67d.exe

description pid process

Token: SeDebugPrivilege 344 b00d56d99248f7ae074a2e8aab07c67d.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

b00d56d99248f7ae074a2e8aab07c67d.exe

description	pid	process	target process
PID 344 wrote to memory of 3848	344	b00d56d99248f7ae074a2e8aab07c67d.exe	AddInProcess32.exe
PID 344 wrote to memory of 3848	344	b00d56d99248f7ae074a2e8aab07c67d.exe	AddInProcess32.exe
PID 344 wrote to memory of 3848	344	b00d56d99248f7ae074a2e8aab07c67d.exe	AddInProcess32.exe

C:\Users\Admin\AppData\Local\Temp\b00d56d99248f7ae074a2e8aab07c67d.exe
"C:\Users\Admin\AppData\Local\Temp\b00d56d99248f7ae074a2e8aab07c67d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
2⤵
PID:3848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...