e345b4bad10718422ffa6ac074d5e3d3533cd2e738efaa60622fb5f8d7ca5893 | Triage

Analysis

max time kernel
123s
max time network
151s
platform
windows7_x64
resource
win7-en-20211104
submitted
25-11-2021 16:57

Sharing

Report Analysis Logs

General

Target

12542b5731864f4a2029775f44c5f681.exe
Size

47KB
MD5

12542b5731864f4a2029775f44c5f681
SHA1

e32cf510649cad5cd85714575904f6abb14773aa
SHA256

e345b4bad10718422ffa6ac074d5e3d3533cd2e738efaa60622fb5f8d7ca5893
SHA512

646f5d99b584b7cbae45389cba316faeae05640e590e7685a8aad23cad28ff452f9f7f1c86ae30a19c2fc3e758d79041cef261e5b199878b94582d4fc610f39c

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

12542b5731864f4a2029775f44c5f681.exe

description pid process

Token: SeDebugPrivilege 1244 12542b5731864f4a2029775f44c5f681.exe

C:\Users\Admin\AppData\Local\Temp\12542b5731864f4a2029775f44c5f681.exe
"C:\Users\Admin\AppData\Local\Temp\12542b5731864f4a2029775f44c5f681.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1244

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1244-55-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1244-57-0x0000000000600000-0x0000000000602000-memory.dmp

Filesize
8KB

Download