6e751e0bde45e359026534d3bbe726fe7c0e9c8c2a8efff5dfd39912c4eb1b7e | Triage

Analysis

max time kernel
124s
max time network
163s
platform
windows7_x64
resource
win7v20210410
submitted
26-07-2021 10:18

Sharing

Report Analysis Logs

General

Target

bnUeC95F41kCZTTTu_cm-nwOnIwqjv-139OZEsTrG34.bin.exe
Size

1.0MB
MD5

b8b67c16029de86734bc326cc8ee10bc
SHA1

5ad452ed075d370508aa699c82f650b9e97fc7be
SHA256

6e751e0bde45e359026534d3bbe726fe7c0e9c8c2a8efff5dfd39912c4eb1b7e
SHA512

e0a35000f7978e5f1faab42f2e10109546f99c0146e4c252f4080819bef0f523e95051a853dfce1d6fc1eeb5e55ca6ce7a84f665c84630e8c5bfc19809b97d4c

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

bnUeC95F41kCZTTTu_cm-nwOnIwqjv-139OZEsTrG34.bin.exe

description pid process

Token: SeDebugPrivilege 1304 bnUeC95F41kCZTTTu_cm-nwOnIwqjv-139OZEsTrG34.bin.exe

C:\Users\Admin\AppData\Local\Temp\bnUeC95F41kCZTTTu_cm-nwOnIwqjv-139OZEsTrG34.bin.exe
"C:\Users\Admin\AppData\Local\Temp\bnUeC95F41kCZTTTu_cm-nwOnIwqjv-139OZEsTrG34.bin.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1304

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1304-60-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1304-62-0x0000000004B80000-0x0000000004B81000-memory.dmp

Filesize
4KB

Download
memory/1304-63-0x0000000000590000-0x00000000005BD000-memory.dmp

Filesize
180KB

Download