01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a | Triage

Resubmissions

18-08-2022 16:44

220818-t9avmscah6 10

03-08-2022 13:05

220803-qbxpzabch9 1

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18-08-2022 16:44

Sharing

Report Analysis Logs

General

Target

01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
Size

15.4MB
MD5

3dc5656f3e92921ef629a8217c6306f0
SHA1

78a3fd75f594f8cef5899f3e1735c256440eaf6f
SHA256

01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a
SHA512

56b3c65ad3491d5a44bc17dcd5bca18ba6167fea418aa3d0d144c7b583018f990f3d3046e1b73dcd17736e724ce0b0b042401ad8662d744ae77efe763ba68094

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1388	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
1388	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
1388	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
1388	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
1388	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
1388	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1388	01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe

C:\Users\Admin\AppData\Local\Temp\01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe
"C:\Users\Admin\AppData\Local\Temp\01cbda953163d513026ef3b576e671d77daa350222b094283f7c4c79b374068a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads