47ca72369cbaba956e99e5ee3499181caba1c5ce535a7350fc8f100d775b6c82 | Triage

Analysis

max time kernel
95s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
14-07-2022 05:29

Sharing

Report Analysis Logs

General

Target

47ca72369cbaba956e99e5ee3499181caba1c5ce535a7350fc8f100d775b6c82.exe
Size

512KB
MD5

6f033dd9627ecf227035a5e811b5525f
SHA1

afab005a820ec62ea2d3f4937816b16ad1e2ce7d
SHA256

47ca72369cbaba956e99e5ee3499181caba1c5ce535a7350fc8f100d775b6c82
SHA512

4d46560a1e90eab2104927faa768f57006ecf289e087f5d584e358913320f1e220015c331d3123511a5b24aabc9666635e85756579c2cdb8524601e05c8ef738

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

47ca72369cbaba956e99e5ee3499181caba1c5ce535a7350fc8f100d775b6c82.exe

description	pid	process
Token: SeDebugPrivilege	1552	47ca72369cbaba956e99e5ee3499181caba1c5ce535a7350fc8f100d775b6c82.exe
Token: 33	1552	47ca72369cbaba956e99e5ee3499181caba1c5ce535a7350fc8f100d775b6c82.exe
Token: SeIncBasePriorityPrivilege	1552	47ca72369cbaba956e99e5ee3499181caba1c5ce535a7350fc8f100d775b6c82.exe

C:\Users\Admin\AppData\Local\Temp\47ca72369cbaba956e99e5ee3499181caba1c5ce535a7350fc8f100d775b6c82.exe
"C:\Users\Admin\AppData\Local\Temp\47ca72369cbaba956e99e5ee3499181caba1c5ce535a7350fc8f100d775b6c82.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1552-133-0x0000000000F30000-0x0000000000FAA000-memory.dmp

Filesize
488KB

Download
memory/1552-134-0x0000000005FD0000-0x0000000006574000-memory.dmp

Filesize
5.6MB

Download
memory/1552-135-0x0000000005A20000-0x0000000005AB2000-memory.dmp

Filesize
584KB

Download