cb2516e6d3a85325c9c1495cf9b5b7db93d4b7cc4e4629f248512d0a028addb1 | Triage

Analysis

max time kernel
39s
max time network
133s
platform
windows7_x64
resource
win7v20210410
submitted
23-06-2021 17:05

Sharing

Report Analysis Logs

General

Target

8309BB41E97424572F1076F7F3152E7C.exe
Size

9.6MB
MD5

8309bb41e97424572f1076f7f3152e7c
SHA1

3b88f14dddd90214e0907d4bc51b94f24dbab8b3
SHA256

cb2516e6d3a85325c9c1495cf9b5b7db93d4b7cc4e4629f248512d0a028addb1
SHA512

398ba4261da3bd0cd7c65850cf919063fb402e1703e6a51246fe45759efaec5897e68be54f95a4764f80f049e309f8a995a82b00bf266ec482af32155e79d4e9

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

8309BB41E97424572F1076F7F3152E7C.exe

pid	Process
1836	8309BB41E97424572F1076F7F3152E7C.exe
1836	8309BB41E97424572F1076F7F3152E7C.exe
1836	8309BB41E97424572F1076F7F3152E7C.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

8309BB41E97424572F1076F7F3152E7C.exe

description	pid	Process
Token: SeDebugPrivilege	1836	8309BB41E97424572F1076F7F3152E7C.exe

C:\Users\Admin\AppData\Local\Temp\8309BB41E97424572F1076F7F3152E7C.exe
"C:\Users\Admin\AppData\Local\Temp\8309BB41E97424572F1076F7F3152E7C.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1836-59-0x0000000001290000-0x0000000001291000-memory.dmp

Filesize
4KB

Download
memory/1836-61-0x00000000057B0000-0x00000000057B1000-memory.dmp

Filesize
4KB

Download