04a21002d823f600141aaae2ae01627db67e8f257fbcf715f7df9ea1583fa343 | Triage

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 08:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Price Inquiry.exe
Size

6KB
MD5

9dbfcc526fa42dfb751355a036a7ec9f
SHA1

474494c0731cbd55ceac10b09a6f255c9bfb477e
SHA256

04a21002d823f600141aaae2ae01627db67e8f257fbcf715f7df9ea1583fa343
SHA512

3fe107dd05c7febae7156180512d02fcd58cffb2495cdb867cecfe7ba958c27c04aa730f6d9841b3226b4dc3dd9e4614c686deb5eba9106b2dfefe36939b1184
SSDEEP

96:9/n/yTx+/QzUZ/o5q2z8efjm2aVdzFQD0FnU:5/iz4G3zDfjLafza1

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1204	Price Inquiry.exe

C:\Users\Admin\AppData\Local\Temp\Price Inquiry.exe
"C:\Users\Admin\AppData\Local\Temp\Price Inquiry.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1204-54-0x0000000000DF0000-0x0000000000DF8000-memory.dmp

Filesize
32KB

Download
memory/1204-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download