da1affe84e54055e68af38dc7fda253d538925805b563d7a87686338a7b8d0e6 | Triage

Analysis

max time kernel
146s
max time network
152s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-10-2022 07:38

Sharing

Report Analysis Logs

General

Target

182376,PDF.exe
Size

107KB
MD5

d97e41f8d67fbb966509824bf34191df
SHA1

f7475eee9fe28e196d2d65f4803ffe48a3dc2b26
SHA256

da1affe84e54055e68af38dc7fda253d538925805b563d7a87686338a7b8d0e6
SHA512

1d699ee7f3f537fa3e4ba1510cf19160cf25cbcd1a669bc1316b517f9891bc9fac8cbc332b0d1a6b729c3c1e9a71cd3a3f7331de86d9f633aeac5bbb14921484
SSDEEP

1536:gx/tmQiKh0Ovt0Xo++vw/18AyMMK4MIy+ZmVcl:6tD3OXo+mwNJb4MIy+Z8Y

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1604	182376,PDF.exe

C:\Users\Admin\AppData\Local\Temp\182376,PDF.exe
"C:\Users\Admin\AppData\Local\Temp\182376,PDF.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1604-54-0x0000000000FF0000-0x0000000001010000-memory.dmp

Filesize
128KB

Download
memory/1604-55-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download