cfac75f3ee6ba6f7816e73908f679a7c185b12044580c1f6b0cbf41dfe74b0f7 | Triage

Analysis

max time kernel
75s
max time network
136s
platform
windows10_x64
resource
win10
submitted
09-07-2020 18:28

Sharing

Report Analysis Logs

General

Target

2e31bb2a664c08df661b6af6905a6702.exe
Size

19KB
MD5

2e31bb2a664c08df661b6af6905a6702
SHA1

b48122cace403170b55457105cb0c43fac68ead2
SHA256

cfac75f3ee6ba6f7816e73908f679a7c185b12044580c1f6b0cbf41dfe74b0f7
SHA512

888bf0e7e2505f6f866dd2925d0740e8760308296e41888bf2d63240b7aabadb1621b845b8a6530ed6c727eb79a59b72eeab30d2eef1bb69aef1a4ced1e9000a

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	716	2e31bb2a664c08df661b6af6905a6702.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 716 wrote to memory of 3108	716	2e31bb2a664c08df661b6af6905a6702.exe	67
PID 716 wrote to memory of 3108	716	2e31bb2a664c08df661b6af6905a6702.exe	67
PID 716 wrote to memory of 3108	716	2e31bb2a664c08df661b6af6905a6702.exe	67

C:\Users\Admin\AppData\Local\Temp\2e31bb2a664c08df661b6af6905a6702.exe
"C:\Users\Admin\AppData\Local\Temp\2e31bb2a664c08df661b6af6905a6702.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:716
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
  2⤵
  PID:3108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads