Analysis
-
max time kernel
184s -
max time network
194s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
21-05-2022 12:33
General
-
Target
PDF.exe
-
Size
259KB
-
MD5
c664e5778bd251d8649c4369bf3ca0ef
-
SHA1
813876c89a9375d853a9fdc43acde7b76d97377c
-
SHA256
f6028e213b27ed3153e3ff224f40fdc35a053c1d9a3cb795eed8211ecfca26d9
-
SHA512
492758e5f6b6c2049bdabfe6c928e1a22329c78387da98a25952036001c81a23b7af81e1be4e8a941c10adfba6fef3a55292b9dd3aabfd625521de2a50d3d8ba
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\PDF.exe"C:\Users\Admin\AppData\Local\Temp\PDF.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3800-130-0x0000000000B10000-0x0000000000B58000-memory.dmpFilesize
288KB
-
memory/3800-131-0x0000000005A30000-0x0000000005FD4000-memory.dmpFilesize
5.6MB
-
memory/3800-132-0x0000000005520000-0x00000000055B2000-memory.dmpFilesize
584KB
-
memory/3800-133-0x00000000055C0000-0x00000000055CA000-memory.dmpFilesize
40KB
-
memory/3800-134-0x0000000005820000-0x00000000058BC000-memory.dmpFilesize
624KB
-
memory/3800-135-0x0000000005FE0000-0x0000000006046000-memory.dmpFilesize
408KB