a58cf7753cdff434e81e0163ec97f8e1a8b32c80ddfa7cbf021778a759f78842 | Triage

Analysis

max time kernel
35s
max time network
54s
platform
windows10_x64
resource
win10v20210408
submitted
24-05-2021 16:07

Sharing

Report Analysis Logs

General

Target

Remit receipt.exe
Size

328KB
MD5

9df3b36279313b95e818c90ba404e446
SHA1

b9fad9b9d00ac30a9c950110207971fff88a3f87
SHA256

a58cf7753cdff434e81e0163ec97f8e1a8b32c80ddfa7cbf021778a759f78842
SHA512

c3941e53c7d37ed424fcb7b61d44d418a00fa3911186575a17013cf85a2521325ce5b2b71bccb0ff22f45ff9ff330954e271838443f35bcf6ab31b8bcc81ba6f

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Remit receipt.exe

description pid process

Token: SeDebugPrivilege 740 Remit receipt.exe

C:\Users\Admin\AppData\Local\Temp\Remit receipt.exe
"C:\Users\Admin\AppData\Local\Temp\Remit receipt.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:740

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/740-114-0x00000000004C0000-0x00000000004C1000-memory.dmp

Filesize
4KB

Download
memory/740-116-0x0000000004DF0000-0x0000000004DF1000-memory.dmp

Filesize
4KB

Download
memory/740-117-0x0000000004F80000-0x0000000004F81000-memory.dmp

Filesize
4KB

Download
memory/740-118-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download