acc75dfbaef0be05c2cbaf346b398b95348dbc065cd2306ba5983129e266e7a0 | Triage

Analysis

max time kernel
145s
max time network
145s
platform
windows7_x64
resource
win7-en-20210920
submitted
14-10-2021 05:18

Sharing

Report Analysis Logs

General

Target

208de5a92642edc4f0bbf3b38af71744.bin.exe
Size

1.5MB
MD5

208de5a92642edc4f0bbf3b38af71744
SHA1

060628b2b0348d6e10ff039b20d8eb38e839b0ab
SHA256

acc75dfbaef0be05c2cbaf346b398b95348dbc065cd2306ba5983129e266e7a0
SHA512

a8b9bfc63b4fc5efb9a8c251de8bd011a073fb786b839baa9b6024ec434a8814f27768813f823e268f0fd3ca0cbe6ab7af3c5420d7aeb04bc7eb5d449040c4d9

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE Suspected Powershell Empire GET M1
suricata: ET MALWARE Suspected Powershell Empire GET M1
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

208de5a92642edc4f0bbf3b38af71744.bin.exe

pid process

1652 208de5a92642edc4f0bbf3b38af71744.bin.exe
1652 208de5a92642edc4f0bbf3b38af71744.bin.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

208de5a92642edc4f0bbf3b38af71744.bin.exe

description	pid	process
Token: SeDebugPrivilege	1652	208de5a92642edc4f0bbf3b38af71744.bin.exe
Token: SeDebugPrivilege	1652	208de5a92642edc4f0bbf3b38af71744.bin.exe

C:\Users\Admin\AppData\Local\Temp\208de5a92642edc4f0bbf3b38af71744.bin.exe
"C:\Users\Admin\AppData\Local\Temp\208de5a92642edc4f0bbf3b38af71744.bin.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1652-53-0x0000000027170000-0x000000002717E000-memory.dmp

Filesize
56KB

Download
memory/1652-54-0x0000000027180000-0x000000002718E000-memory.dmp

Filesize
56KB

Download