Analysis
- max time kernel: 33s
- max time network: 32s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 18-01-2021 18:03
Static task: static1
Behavioral task: behavioral1
Sample: 917a18876b441d7d29a38eabd103fcb803cc73e8bd1307f2d36cf9738d6e68e0.exe
Resource: win7v20201028 (windows7_x64)
0 signatures
0 seconds
General
- Target: 917a18876b441d7d29a38eabd103fcb803cc73e8bd1307f2d36cf9738d6e68e0.exe
- Size: 104KB
- MD5: d0e03def597d852dcb93458cfa596843
- SHA1: 6f907f8f731f84cdaf19f07abe2b02bd3975ebfd
- SHA256: 917a18876b441d7d29a38eabd103fcb803cc73e8bd1307f2d36cf9738d6e68e0
- SHA512: 8868b2ec512626b6d5a1e15453c66dea70c83f382c85be6281cd722b03cac8a4ce8248f7eaf08424267e314c9237842c84db2a4349467fe45d0c380166d4e278
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoCs)
  Processes: 917a18876b441d7d29a38eabd103fcb803cc73e8bd1307f2d36cf9738d6e68e0.exe
  pid: 2044
  process: 917a18876b441d7d29a38eabd103fcb803cc73e8bd1307f2d36cf9738d6e68e0.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: 917a18876b441d7d29a38eabd103fcb803cc73e8bd1307f2d36cf9738d6e68e0.exe
  description: Token: SeDebugPrivilege
  pid: 2044
  process: 917a18876b441d7d29a38eabd103fcb803cc73e8bd1307f2d36cf9738d6e68e0.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\917a18876b441d7d29a38eabd103fcb803cc73e8bd1307f2d36cf9738d6e68e0.exe
  "C:\Users\Admin\AppData\Local\Temp\917a18876b441d7d29a38eabd103fcb803cc73e8bd1307f2d36cf9738d6e68e0.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of AdjustPrivilegeToken
  PID: 2044