93d2edbc498f6f8689223bcb079143a97627efe9c1f7b23687a94a1eaf223d78 | Triage

Analysis

max time kernel
20s
platform
windows7_x64
resource
win7-20220414-en
submitted
14-05-2022 14:18

Sharing

Report Analysis Logs

General

Target

de3eafb5fa64237cb2d54949c432f19c.exe
Size

2.0MB
MD5

de3eafb5fa64237cb2d54949c432f19c
SHA1

bbb3d8d70e1416241b469c3f58596986957ac39d
SHA256

93d2edbc498f6f8689223bcb079143a97627efe9c1f7b23687a94a1eaf223d78
SHA512

e01e963313fdede9144ddd4133a2f101177659902d821c994527ab4db627d5ce56e2e34d8c818b4bcbebe2fdfe74e9f0d15b715afa5df89ecfbe8eb73427b0c6

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

de3eafb5fa64237cb2d54949c432f19c.exe

description pid process

Token: SeLoadDriverPrivilege 1976 de3eafb5fa64237cb2d54949c432f19c.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

de3eafb5fa64237cb2d54949c432f19c.exe

description	pid	process	target process
PID 1976 wrote to memory of 824	1976	de3eafb5fa64237cb2d54949c432f19c.exe	cmd.exe
PID 1976 wrote to memory of 824	1976	de3eafb5fa64237cb2d54949c432f19c.exe	cmd.exe
PID 1976 wrote to memory of 824	1976	de3eafb5fa64237cb2d54949c432f19c.exe	cmd.exe
PID 1976 wrote to memory of 824	1976	de3eafb5fa64237cb2d54949c432f19c.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\de3eafb5fa64237cb2d54949c432f19c.exe
"C:\Users\Admin\AppData\Local\Temp\de3eafb5fa64237cb2d54949c432f19c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1976

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c md C:\DownLoad-Helper
2⤵
PID:824

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/824-55-0x0000000000000000-mapping.dmp

Download
memory/1976-54-0x00000000750C1000-0x00000000750C3000-memory.dmp

Filesize
8KB

Download