0a1e889f7b04ea6eedf129ddb1cc3e87207280a34d17d0dfedfe54a52c9832b6 | Triage

Analysis

max time kernel
132s
max time network
148s
platform
windows7_x64
resource
win7
submitted
09/07/2020, 12:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0a1e889f7b04ea6eedf129ddb1cc3e87207280a34d17d0dfedfe54a52c9832b6.exe
Size

600KB
MD5

f1ad65e422cf6bd8f7fe193b898b7def
SHA1

ab46c546b6c315dd4e2f7608db9d43cf24fc4998
SHA256

0a1e889f7b04ea6eedf129ddb1cc3e87207280a34d17d0dfedfe54a52c9832b6
SHA512

d6f5d886090cee2c47e60ef47f59f963dd74335a4944e5b9b9741d0b3c629277b70a354f4423e7cac55b6e0e58820f45cb97c4c643decd8dc691fdfc817cb0ac

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1152	0a1e889f7b04ea6eedf129ddb1cc3e87207280a34d17d0dfedfe54a52c9832b6.exe
Token: SeLockMemoryPrivilege	1152	0a1e889f7b04ea6eedf129ddb1cc3e87207280a34d17d0dfedfe54a52c9832b6.exe

C:\Users\Admin\AppData\Local\Temp\0a1e889f7b04ea6eedf129ddb1cc3e87207280a34d17d0dfedfe54a52c9832b6.exe
"C:\Users\Admin\AppData\Local\Temp\0a1e889f7b04ea6eedf129ddb1cc3e87207280a34d17d0dfedfe54a52c9832b6.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads