6c86e7498865533229e0d51d8d0cf928e9bf129958e18ffe73b97410ca0589a8 | Triage

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
21-07-2022 20:01

Sharing

Report Analysis Logs

General

Target

1e01768f0a3e21c651b9912b7a1ffec3.exe
Size

1.3MB
MD5

1e01768f0a3e21c651b9912b7a1ffec3
SHA1

a685a29f95387428ce598fca8453b391ab8f2865
SHA256

6c86e7498865533229e0d51d8d0cf928e9bf129958e18ffe73b97410ca0589a8
SHA512

0606e6c8023cf21156fc9b72458d5b953454099c864e147136fb73e08d6bd4a7d81b3fc0f1f9caa82b9262f1503e3b2d7345e81974a52fd1f6413f8f4c64ca0b

Score

6^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

1e01768f0a3e21c651b9912b7a1ffec3.exe

description pid process

Token: SeDebugPrivilege 1896 1e01768f0a3e21c651b9912b7a1ffec3.exe

C:\Users\Admin\AppData\Local\Temp\1e01768f0a3e21c651b9912b7a1ffec3.exe
"C:\Users\Admin\AppData\Local\Temp\1e01768f0a3e21c651b9912b7a1ffec3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1896

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1896-54-0x0000000000EE0000-0x000000000102E000-memory.dmp

Filesize
1.3MB

Download
memory/1896-55-0x0000000076081000-0x0000000076083000-memory.dmp

Filesize
8KB

Download