4c26643cb0e783e8dc9cab1629d35e8523bd49e637f48847916efd517347111b

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-en-20211014
submitted
05-11-2021 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6023b151847ac5cbeb2b311623a8f126.exe
Size

43KB
MD5

6023b151847ac5cbeb2b311623a8f126
SHA1

8aeb83d4d7173266cc7eed4a0ff6694698c6743e
SHA256

4c26643cb0e783e8dc9cab1629d35e8523bd49e637f48847916efd517347111b
SHA512

a8795d2ae623f72c99d6bfbf0379ded30582d36fcf671d8d33cd78c6c7307cd582d7b4ba771e0670aaae983042b7fbb41f3ed123e57adceb9c86ed2f9e1fe065

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

6023b151847ac5cbeb2b311623a8f126.exe

pid process

1864 6023b151847ac5cbeb2b311623a8f126.exe

pid	process
1864	6023b151847ac5cbeb2b311623a8f126.exe

Suspicious use of AdjustPrivilegeToken 33 IoCs

Processes:

6023b151847ac5cbeb2b311623a8f126.exe

description	pid	process
Token: SeDebugPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: 33	1864	6023b151847ac5cbeb2b311623a8f126.exe
Token: SeIncBasePriorityPrivilege	1864	6023b151847ac5cbeb2b311623a8f126.exe

C:\Users\Admin\AppData\Local\Temp\6023b151847ac5cbeb2b311623a8f126.exe
"C:\Users\Admin\AppData\Local\Temp\6023b151847ac5cbeb2b311623a8f126.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1864-55-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/1864-57-0x0000000004C00000-0x0000000004C01000-memory.dmp

Filesize
4KB

Download