dec8a4b846f892a60d50ea96b5477eab84dfdeb4519ec0b929758a46febdfbba

Analysis

max time kernel
152s
max time network
157s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 17:56

Target

dec8a4b846f892a60d50ea96b5477eab84dfdeb4519ec0b929758a46febdfbba.exe
Size

21KB
MD5

a87eb621ae9f9748f7087a20d5a8fbf5
SHA1

be6b606233a2591fe955e25de8eb050fa945ac7c
SHA256

dec8a4b846f892a60d50ea96b5477eab84dfdeb4519ec0b929758a46febdfbba
SHA512

49b276c4c1b5928a8efcec868d140a8b44937fc9bb1c7b5597d154aa71f42d0d321866324ff5d7a0422901e3848755856875307cfc77fa358eff92ab52e6d7e7
SSDEEP

192:RtPk701zLAv9oGR6H1iS2W/5owhtFhseoU:Yw1//GAH1zFRXo

Score

9^/10

discovery

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	112	dec8a4b846f892a60d50ea96b5477eab84dfdeb4519ec0b929758a46febdfbba.exe

C:\Users\Admin\AppData\Local\Temp\dec8a4b846f892a60d50ea96b5477eab84dfdeb4519ec0b929758a46febdfbba.exe
"C:\Users\Admin\AppData\Local\Temp\dec8a4b846f892a60d50ea96b5477eab84dfdeb4519ec0b929758a46febdfbba.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:112

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/112-54-0x0000000000080000-0x000000000008C000-memory.dmp

Filesize
48KB

Download
memory/112-55-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download