f96220adfda74917e800824560af98aa531b4c38f141ebb2582fe9925309814b | Triage

Analysis

max time kernel
151s
max time network
153s
platform
windows7_x64
resource
win7-20220414-en
submitted
13-07-2022 20:09

Sharing

Report Analysis Logs

General

Target

c3dc5d22fb3d36e7e228089398815e48.exe
Size

18KB
MD5

c3dc5d22fb3d36e7e228089398815e48
SHA1

4105b4bc7c6b368fe73a3d378fd669a6327f93b1
SHA256

f96220adfda74917e800824560af98aa531b4c38f141ebb2582fe9925309814b
SHA512

bb37c86ba694524f53905b21b80e0aa969c101954a9f773953f98368c115233549e284c1505c8e781bb44c49972a9fcce652fe6bf48f3b6ac5b6273f4d37c599

Score

6^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

c3dc5d22fb3d36e7e228089398815e48.exe

description pid process

Token: SeDebugPrivilege 960 c3dc5d22fb3d36e7e228089398815e48.exe

C:\Users\Admin\AppData\Local\Temp\c3dc5d22fb3d36e7e228089398815e48.exe
"C:\Users\Admin\AppData\Local\Temp\c3dc5d22fb3d36e7e228089398815e48.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:960

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/960-54-0x00000000000F0000-0x00000000000FA000-memory.dmp

Filesize
40KB

Download
memory/960-55-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

Filesize
8KB

Download