5046403f44884fe6aa062f9d2f92037136305305ef195d4c213c279e2466ec1f

Analysis

max time kernel
149s
max time network
160s
platform
windows10_x64
resource
win10v20210408
submitted
08-09-2021 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FA662F3DB65D27282DB066A3790E49AC.exe
Size

32KB
MD5

fa662f3db65d27282db066a3790e49ac
SHA1

4e172123c728811be644749ee4a3df6c03f78488
SHA256

5046403f44884fe6aa062f9d2f92037136305305ef195d4c213c279e2466ec1f
SHA512

6b426fafab9fe30dbdd1e4e8c388e285aed1e1902d1f0a0cf068e0a6ab28a9f095a50af402d5dbcc0f90de0b334d743fa9132b6625f4e00bd9bc56ed0e8fd28d

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata

Suspicious use of AdjustPrivilegeToken 33 IoCs

Processes:

FA662F3DB65D27282DB066A3790E49AC.exe

description	pid	process
Token: SeDebugPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: 33	4648	FA662F3DB65D27282DB066A3790E49AC.exe
Token: SeIncBasePriorityPrivilege	4648	FA662F3DB65D27282DB066A3790E49AC.exe

C:\Users\Admin\AppData\Local\Temp\FA662F3DB65D27282DB066A3790E49AC.exe
"C:\Users\Admin\AppData\Local\Temp\FA662F3DB65D27282DB066A3790E49AC.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4648-114-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download