047f76e6674abf3887162158ec0ea1de324236402fba9698cec204a2d7d8dc92 | Triage

Analysis

max time kernel
127s
max time network
156s
platform
windows7_x64
resource
win7-en-20211208
submitted
30-01-2022 16:43

Sharing

Report Analysis Logs

General

Target

047f76e6674abf3887162158ec0ea1de324236402fba9698cec204a2d7d8dc92.exe
Size

9.3MB
MD5

5546caf5f5a1a4ee911b43459446f940
SHA1

2f736f8d1f20d12c25f40bd3574a1cc398542cc4
SHA256

047f76e6674abf3887162158ec0ea1de324236402fba9698cec204a2d7d8dc92
SHA512

dab84b54e3902aacea0f65ae35b92eb626cfd6f2d8d8c2b2372d87dd75940dcb7bd820efd3ee8ca8067b82d1df95801db2dd2fa7885daa8187e136baacfc5667

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1880	047f76e6674abf3887162158ec0ea1de324236402fba9698cec204a2d7d8dc92.exe
1880	047f76e6674abf3887162158ec0ea1de324236402fba9698cec204a2d7d8dc92.exe
1880	047f76e6674abf3887162158ec0ea1de324236402fba9698cec204a2d7d8dc92.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1880	047f76e6674abf3887162158ec0ea1de324236402fba9698cec204a2d7d8dc92.exe

C:\Users\Admin\AppData\Local\Temp\047f76e6674abf3887162158ec0ea1de324236402fba9698cec204a2d7d8dc92.exe
"C:\Users\Admin\AppData\Local\Temp\047f76e6674abf3887162158ec0ea1de324236402fba9698cec204a2d7d8dc92.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1880-54-0x0000000075AB1000-0x0000000075AB3000-memory.dmp

Filesize
8KB

Download
memory/1880-55-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download