Analysis
max time kernel: 198s
max time network: 199s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 21-05-2022 12:44
Static task: static1
Behavioral task: behavioral1
  Sample: PO.exe
  Resource: win7-20220414-en (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: PO.exe
  Resource: win10v2004-20220414-en (windows10-2004_x64)
  0 signatures, 0 seconds
General
Target: PO.exe
Size: 292KB
MD5: b51c6b42fbe1c750f7dd6ea1aa326a3b
SHA1: 6e455e9c20411ef787b1a912ef92f0a5bac027f3
SHA256: 5d91a0233b2cd95d7a40c235dd6ab58d92c2b68447ce6920253db1c3100817ce
SHA512: a299271633a7bf63feb28cfbdff07f881afe688030bf32b5da85fab537b9db68479901a5784a9981b204fe6e786413131d8d52e3529a26dfab89ea10ac6419e8
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (19 IoCs)
  Processes: pid 3588 PO.exe (all 19 hits)
Suspicious use of AdjustPrivilegeToken (1 IoC)
  Process: pid 3588 PO.exe, Token: SeDebugPrivilege
Both signatures come from the same process. Enabling SeDebugPrivilege lets a process open handles to processes owned by other users, including SYSTEM, so walking the process list while holding that privilege is the usual prelude to process injection or memory dumping. Legitimate debuggers and administrative tools request it too, and no injection, network or persistence signature fired in this run, which is consistent with the 1/10 score; the behaviour is worth a closer look, not a verdict on its own.
Downloads (memory dumps of pid 3588)
artifact                                                            size
memory/3588-130-0x00000000009B0000-0x00000000009FE000-memory.dmp    312KB
memory/3588-131-0x0000000005850000-0x0000000005DF4000-memory.dmp    5.6MB
memory/3588-132-0x00000000052A0000-0x0000000005332000-memory.dmp    584KB
memory/3588-133-0x0000000005270000-0x000000000527A000-memory.dmp    40KB
memory/3588-134-0x00000000055C0000-0x000000000565C000-memory.dmp    624KB
memory/3588-135-0x00000000057C0000-0x0000000005826000-memory.dmp    408KB