f6437b319a96807ff41f30905b8babf7c3064ea76e87b6172046dd085d0e1dcd | Triage

Analysis

max time kernel
145s
max time network
148s
platform
windows7_x64
resource
win7v20201028
submitted
01-03-2021 22:36

Sharing

Report Analysis Logs

General

Target

f6437b319a96807ff41f30905b8babf7c3064ea76e87b6172046dd085d0e1dcd.exe
Size

256KB
MD5

a3d83bf350ffc3c5acbe366ed8bd538e
SHA1

d6dd003956617ee7e5c84f06941cd534383a379c
SHA256

f6437b319a96807ff41f30905b8babf7c3064ea76e87b6172046dd085d0e1dcd
SHA512

6cf14503878f212d01b8257d1b58a2dd095375d14557a04023c5cd73d931f8b132cf4ca3a289f7444096e38b9e6a4a3bc4b37eb405a4a5d398d84412a0e37aef

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

f6437b319a96807ff41f30905b8babf7c3064ea76e87b6172046dd085d0e1dcd.exe

description pid process

Token: SeDebugPrivilege 596 f6437b319a96807ff41f30905b8babf7c3064ea76e87b6172046dd085d0e1dcd.exe

C:\Users\Admin\AppData\Local\Temp\f6437b319a96807ff41f30905b8babf7c3064ea76e87b6172046dd085d0e1dcd.exe
"C:\Users\Admin\AppData\Local\Temp\f6437b319a96807ff41f30905b8babf7c3064ea76e87b6172046dd085d0e1dcd.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/596-2-0x0000000074CC0000-0x00000000753AE000-memory.dmp

Filesize
6.9MB

Download
memory/596-3-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Filesize
4KB

Download
memory/596-5-0x0000000004810000-0x0000000004811000-memory.dmp

Filesize
4KB

Download