Analysis
-
max time kernel
20s -
max time network
10s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
17-01-2021 17:17
Errors
Reason
Machine shutdown
General
-
Target
VTPatcher.exe
-
Size
123KB
-
MD5
887f4256e86487df513fc0f91f5e6cb7
-
SHA1
892ca49a0108af495a31fd6d225915d62ec2d136
-
SHA256
e6cd1af91356aeab2550acec945681ed5e82eb9660936b4f4e73509c0c602aae
-
SHA512
123c19f36c19b93f216a56b394fd4c4ffaf1ae18438b8d916e5278d5355b7b20a9a7f12f56dacd6d741932ef5d036304b966aa93f540578f177961453e229915
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\VTPatcher.exe"C:\Users\Admin\AppData\Local\Temp\VTPatcher.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x11⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/592-10-0x00000000027E0000-0x00000000027E1000-memory.dmpFilesize
4KB
-
memory/1556-7-0x000007FEFB811000-0x000007FEFB813000-memory.dmpFilesize
8KB
-
memory/1556-8-0x00000000027C0000-0x00000000027C1000-memory.dmpFilesize
4KB
-
memory/1748-2-0x000007FEF54A0000-0x000007FEF5E8C000-memory.dmpFilesize
9.9MB
-
memory/1748-3-0x0000000000B50000-0x0000000000B51000-memory.dmpFilesize
4KB
-
memory/1748-5-0x0000000000250000-0x0000000000251000-memory.dmpFilesize
4KB
-
memory/1748-6-0x000000001ADF0000-0x000000001ADF2000-memory.dmpFilesize
8KB