4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
12/07/2022, 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
Size

88KB
MD5

df7427b5e05183e625345c3c37ef31c0
SHA1

f2fa8be27cd9de963de79a2252a1ed81acb7b6eb
SHA256

4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57
SHA512

abbd8d384b23018d99524ba4108389a692c4cb8bd5baafbb43f8caaea92d06351d74946d0f3be373bc6b9ca1424005ea00691f72b871fc72348dbfda58078e35

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
816	4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe

C:\Users\Admin\AppData\Local\Temp\4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe
"C:\Users\Admin\AppData\Local\Temp\4a36be035dfe01ff3d3894b6645987fb808d2531bf62d706cb887983e5e62a57.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/816-130-0x00007FFBC1CC0000-0x00007FFBC26F6000-memory.dmp

Filesize
10.2MB

Download
memory/816-131-0x0000000000D7A000-0x0000000000D7F000-memory.dmp

Filesize
20KB

Download
memory/816-132-0x0000000000D7A000-0x0000000000D7F000-memory.dmp

Filesize
20KB

Download