e98ca956f4f94b5c8b063327a1fe27fb804bc2e52190a68c577490c3192ae663 | Triage

Analysis

max time kernel
131s
max time network
140s
platform
windows10_x64
resource
win10-en-20211104
submitted
12-11-2021 18:03

Sharing

Report Analysis Logs

General

Target

4b535dbe595f89c3bcaa4f43cc1323a3.virus.exe
Size

133KB
MD5

4b535dbe595f89c3bcaa4f43cc1323a3
SHA1

4162c873be81f5aac6ca0a1ed7f84bfe86ec4262
SHA256

e98ca956f4f94b5c8b063327a1fe27fb804bc2e52190a68c577490c3192ae663
SHA512

1959b757094e83d24041f3c8e1f993e0df428d87f54a3e8e8dfb0b76922a39027cfc1f1203a91c4c36836c81de94cb870aea33ae8ae4bf8864e93374934ea66d

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

4b535dbe595f89c3bcaa4f43cc1323a3.virus.exe

description pid process

Token: SeDebugPrivilege 4024 4b535dbe595f89c3bcaa4f43cc1323a3.virus.exe

C:\Users\Admin\AppData\Local\Temp\4b535dbe595f89c3bcaa4f43cc1323a3.virus.exe
"C:\Users\Admin\AppData\Local\Temp\4b535dbe595f89c3bcaa4f43cc1323a3.virus.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4024-118-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download