3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004 | Triage

Analysis

max time kernel
141s
max time network
187s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-07-2022 01:30

Sharing

Report Analysis Logs

General

Target

3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Size

88KB
MD5

6ef12f96e1a99984a96d6e1657389566
SHA1

d8c04d05cbc86dcd6b0d485827e4505c2dc079e9
SHA256

3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004
SHA512

9205b9100fad3d232fb4078b433e826882584dcb0d3abadbbaf7c5e0aee686af9b9d516c9534b59362ddfbcd3ec944b9acd3319858dd7a662ec3e645817217c4

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 19 IoCs

Processes:

3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe

description	pid	process
Token: SeDebugPrivilege	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: 33	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: SeIncBasePriorityPrivilege	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: 33	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: SeIncBasePriorityPrivilege	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: 33	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: SeIncBasePriorityPrivilege	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: 33	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: SeIncBasePriorityPrivilege	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: 33	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: SeIncBasePriorityPrivilege	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: 33	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: SeIncBasePriorityPrivilege	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: 33	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: SeIncBasePriorityPrivilege	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: 33	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: SeIncBasePriorityPrivilege	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: 33	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
Token: SeIncBasePriorityPrivilege	1492	3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe

C:\Users\Admin\AppData\Local\Temp\3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe
"C:\Users\Admin\AppData\Local\Temp\3f779d9227a4c4207d156c136d9c7a3d8b2e92fce22c379bff4128f3d922a004.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1492-54-0x000007FEF45D0000-0x000007FEF4FF3000-memory.dmp

Filesize
10.1MB

Download
memory/1492-55-0x000007FEF21E0000-0x000007FEF3276000-memory.dmp

Filesize
16.6MB

Download