564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060

Analysis

max time kernel
140s
max time network
154s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
25-07-2022 04:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
Size

5KB
MD5

18514721747222b4dff1146cdd2f08e2
SHA1

a4978af36a0ab6e231d6d1ea9db0f33b153c3483
SHA256

564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060
SHA512

eca94bfb0e10b990cef5d1d833ab0a0cc8861a4915e51a5ac19a7348f5d639c702f287af11a45743c9427bce916fa6f4979753d688d44c9d3582a20f66b3fce5

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE APT-C-23 Activity (GET)
suricata: ET MALWARE APT-C-23 Activity (GET)
suricata

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe

pid	process
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe

description pid process

Token: SeDebugPrivilege 1968 564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe

description	pid	process
Token: SeDebugPrivilege	1968	564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe

C:\Users\Admin\AppData\Local\Temp\564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe
"C:\Users\Admin\AppData\Local\Temp\564fb64698f3839c49fbadf67176ba1b545bbb7dfa0d129e5aa0e69ec8271060.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1968-54-0x00000000754D1000-0x00000000754D3000-memory.dmp

Filesize
8KB

Download