01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a | Triage

Resubmissions

18-08-2022 16:44

220818-t9avmscah6 10

03-08-2022 13:05

220803-qbxpzabch9 1

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220715-en
submitted
03-08-2022 13:05

Sharing

Report Analysis Logs

General

Target

01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
Size

15.4MB
MD5

3dc5656f3e92921ef629a8217c6306f0
SHA1

78a3fd75f594f8cef5899f3e1735c256440eaf6f
SHA256

01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a
SHA512

56b3c65ad3491d5a44bc17dcd5bca18ba6167fea418aa3d0d144c7b583018f990f3d3046e1b73dcd17736e724ce0b0b042401ad8662d744ae77efe763ba68094
SSDEEP

98304:yjaYpsAOia3mPa0WOw6PXoKTsmcaoswfdVgiGKDzY1iYKaXP:fYu1E7w6P4ycn7UKD01iYKi

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1932	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
1932	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
1932	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
1932	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
1932	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
1932	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1932	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe

C:\Users\Admin\AppData\Local\Temp\01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
"C:\Users\Admin\AppData\Local\Temp\01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads