ad58c0233dec8755271f0b52845a93136b4c8ebd2d3d5c7a8135ebb52f969d1f | Triage

Analysis

max time kernel
149s
max time network
112s
platform
windows10_x64
resource
win10v20201028
submitted
14-01-2021 10:51

Sharing

Report Analysis Logs

General

Target

cbbz.exe
Size

15KB
MD5

2baa1d98395e98976985b9a871741785
SHA1

a84c04bdb6d515d7fd98b538228bf2c1c3524a22
SHA256

38b95347ba07fac0e6c6d0fbc20fa6decd012f7abd48526de3998044825f5d90
SHA512

48482666437f7ac3d4ef34a591e05de05f5860f808fddf1cc37600aaa47446d6884ab7e72eae9e759fa6ea4264ea36bb15eb4fedc6307e7fa1aa451a33865c0f

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

cbbz.exe

pid	process
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe
2724	cbbz.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

cbbz.exe

description pid process

Token: SeDebugPrivilege 2724 cbbz.exe

C:\Users\Admin\AppData\Local\Temp\cbbz.exe
"C:\Users\Admin\AppData\Local\Temp\cbbz.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2724

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2724-2-0x00007FF8207C0000-0x00007FF8211AC000-memory.dmp

Filesize
9.9MB

Download
memory/2724-3-0x0000021354200000-0x0000021354201000-memory.dmp

Filesize
4KB

Download