9d2266ca67855d7c3f117c22f47daf8b39eb95f0d6b3183e3939a47e39fb04d0

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12-10-2022 12:59

Target

FORMATO DE PDF MG,236-5126-965.exe
Size

1.1MB
MD5

c187130b77f9aeb18af72fe658582466
SHA1

9f609910ec86ff5669335f53f126990b10f15c29
SHA256

9d2266ca67855d7c3f117c22f47daf8b39eb95f0d6b3183e3939a47e39fb04d0
SHA512

028fe42df22efff4318c2d74586b15449a7e00a2eff0d4350e991346bc6b7bbe155d3999cd3dd87801afdce9896b47ab117553a04242fcf8105606612f60a737
SSDEEP

24576:TJ0tujytMxxLdlKQ0RrZ1eYFELA/ek1Eykn32TkVA6n:qujyMxJi18YI5qEyWy6n

Score

6^/10

discovery

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

FORMATO DE PDF MG,236-5126-965.exe

description pid process

Token: SeDebugPrivilege 1088 FORMATO DE PDF MG,236-5126-965.exe

description	pid	process
Token: SeDebugPrivilege	1088	FORMATO DE PDF MG,236-5126-965.exe

C:\Users\Admin\AppData\Local\Temp\FORMATO DE PDF MG,236-5126-965.exe
"C:\Users\Admin\AppData\Local\Temp\FORMATO DE PDF MG,236-5126-965.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1088

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1088-54-0x0000000000930000-0x0000000000A46000-memory.dmp

Filesize
1.1MB

Download
memory/1088-55-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download