209a3bee9b7bc06c8aaa8c607df850ec05f58892e6ea1cfec2cbbdab6501ee2f | Triage

Analysis

max time kernel
146s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-05-2022 04:05

Sharing

Report Analysis Logs

General

Target

209a3bee9b7bc06c8aaa8c607df850ec05f58892e6ea1cfec2cbbdab6501ee2f.exe
Size

16KB
MD5

22dd5f71f6e77f1f9ab88d898bf65a73
SHA1

c811146aa5e4bbe1927a47f6462655677c19b951
SHA256

209a3bee9b7bc06c8aaa8c607df850ec05f58892e6ea1cfec2cbbdab6501ee2f
SHA512

9cf908242ee484835924f840950dd0552f4dad3b11074f2a69cc628c6bcdd2654e2822362e451e62ea301009dba7b0d52705af87e523b7132f9bfdb878148383

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

209a3bee9b7bc06c8aaa8c607df850ec05f58892e6ea1cfec2cbbdab6501ee2f.exe

description pid process

Token: SeDebugPrivilege 1800 209a3bee9b7bc06c8aaa8c607df850ec05f58892e6ea1cfec2cbbdab6501ee2f.exe

C:\Users\Admin\AppData\Local\Temp\209a3bee9b7bc06c8aaa8c607df850ec05f58892e6ea1cfec2cbbdab6501ee2f.exe
"C:\Users\Admin\AppData\Local\Temp\209a3bee9b7bc06c8aaa8c607df850ec05f58892e6ea1cfec2cbbdab6501ee2f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1800-55-0x000007FEF1B70000-0x000007FEF2C06000-memory.dmp

Filesize
16.6MB

Download