dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Size

647KB
MD5

56abb9bb8b1918dfc527974c20dd0e5a
SHA1

332c979ec6c46bc1c20c3fb958832004a9cc5785
SHA256

dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034
SHA512

f320e16b7c43793dc247ce2c51b6a1026666366b97574f26867323fc63134ec0eb09f4ca7d3585b2604d8d3147c2138868f4da26ab71f8c3f2de9a98b1f66a83
SSDEEP

12288:x6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPf1N:0AmBpVKHu0Mu9Xo20VGLVPtN

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeSecurityPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeTakeOwnershipPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeLoadDriverPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeSystemProfilePrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeSystemtimePrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeProfSingleProcessPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeIncBasePriorityPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeCreatePagefilePrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeBackupPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeRestorePrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeShutdownPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeDebugPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeSystemEnvironmentPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeChangeNotifyPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeRemoteShutdownPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeUndockPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeManageVolumePrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeImpersonatePrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: SeCreateGlobalPrivilege	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: 33	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: 34	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: 35	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
Token: 36	1152	dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe

C:\Users\Admin\AppData\Local\Temp\dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe
"C:\Users\Admin\AppData\Local\Temp\dfa88add456c5806d4064658080520836858bd9558c5044e7d5022f5840b6034.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1152

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads