02e10231a6a383ff07fd6d25b3dc8dac57b077d7f27d712887a897fb6064a0c8 | Triage

Analysis

max time kernel
130s
max time network
153s
platform
windows7_x64
resource
win7-en-20211208
submitted
30-01-2022 16:45

Sharing

Report Analysis Logs

General

Target

02e10231a6a383ff07fd6d25b3dc8dac57b077d7f27d712887a897fb6064a0c8.exe
Size

10.0MB
MD5

141a6528801be0eac7e7efe0ff59bf10
SHA1

a6193e8bf91925d35256eee6dbba43540148b529
SHA256

02e10231a6a383ff07fd6d25b3dc8dac57b077d7f27d712887a897fb6064a0c8
SHA512

1097e7257df0ac3647cb4dd3e5ef5a1345e40bfa6663eb3d9107912ae7f6daf42d7e82d3e4467fcb4a5bfe5c78c87ed1aff9dfcbe301664f68add0d29dacf07e

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

02e10231a6a383ff07fd6d25b3dc8dac57b077d7f27d712887a897fb6064a0c8.exe

pid	process
1320	02e10231a6a383ff07fd6d25b3dc8dac57b077d7f27d712887a897fb6064a0c8.exe
1320	02e10231a6a383ff07fd6d25b3dc8dac57b077d7f27d712887a897fb6064a0c8.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

02e10231a6a383ff07fd6d25b3dc8dac57b077d7f27d712887a897fb6064a0c8.exe

description pid process

Token: SeDebugPrivilege 1320 02e10231a6a383ff07fd6d25b3dc8dac57b077d7f27d712887a897fb6064a0c8.exe

C:\Users\Admin\AppData\Local\Temp\02e10231a6a383ff07fd6d25b3dc8dac57b077d7f27d712887a897fb6064a0c8.exe
"C:\Users\Admin\AppData\Local\Temp\02e10231a6a383ff07fd6d25b3dc8dac57b077d7f27d712887a897fb6064a0c8.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1320-55-0x0000000000290000-0x0000000000C96000-memory.dmp

Filesize
10.0MB

Download
memory/1320-56-0x000000001BC20000-0x000000001BC22000-memory.dmp

Filesize
8KB

Download
memory/1320-57-0x000007FEFB631000-0x000007FEFB633000-memory.dmp

Filesize
8KB

Download