4a8031fc97753e95eb440a1f0f100ddcfbca0bca0bb2271dbc775e129282f304

Resubmissions

20/07/2023, 23:06

29/09/2022, 12:38

max time kernel
40s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/09/2022, 12:38

Target

Trojan-Ransom.Win32.Zerber.gdcx-4a8031fc97753e95eb440a1f0f100ddcfbca0bca0bb2271dbc775e129282f304.exe
Size

148KB
MD5

3ce563e899291b59fa8c57c98cad9b4e
SHA1

7157cc9cf910735727b6601ad4d532cdd0fedc7e
SHA256

4a8031fc97753e95eb440a1f0f100ddcfbca0bca0bb2271dbc775e129282f304
SHA512

827dc0e9f9212ec0d4c1e8c7180c33d387548f7de6d0b45a2eef01f22f69ee571d3f2f8b610b8f671f4b25abaa578431ce758a5e41740e7b8c63ca85ef953469
SSDEEP

3072:/UuL1hDewdkuaLYO/IBK2btFVL1xTevRUyZDDdnN5:/Ue1hyioVgBhnNPK5FZD5n

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1640	Trojan-Ransom.Win32.Zerber.gdcx-4a8031fc97753e95eb440a1f0f100ddcfbca0bca0bb2271dbc775e129282f304.exe

C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Zerber.gdcx-4a8031fc97753e95eb440a1f0f100ddcfbca0bca0bb2271dbc775e129282f304.exe
"C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Zerber.gdcx-4a8031fc97753e95eb440a1f0f100ddcfbca0bca0bb2271dbc775e129282f304.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1640

memory/1640-54-0x0000000000B10000-0x0000000000B3C000-memory.dmp

Filesize
176KB

Download
memory/1640-55-0x0000000000550000-0x0000000000566000-memory.dmp

Filesize
88KB

Download
memory/1640-56-0x0000000000560000-0x0000000000566000-memory.dmp

Filesize
24KB

Download
memory/1640-57-0x000000001AD00000-0x000000001AD38000-memory.dmp

Filesize
224KB

Download