06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6

Analysis

max time kernel
179s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Size

1.3MB
MD5

83ff625924b21b7296aaf0f4e351eaeb
SHA1

25e1db90d2fb02b2fad9d8525754b93356206c5f
SHA256

06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6
SHA512

41a249bef1b39f2b4b29bb2e0ae3e4a3128ec01a8b983381c7047f71ea475d854a2ee9ab38044d292ea0916e97a9bed2c7e776556ac9f631fa0edd46a346f23c
SSDEEP

24576:9hTuCEaQ+6bkOM/Xj6bZpTwOEwjPQLS+qMjj4INsVtAm1D7z8CIR:9hKzV+27Ewj/Vp

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeSecurityPrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeTakeOwnershipPrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeLoadDriverPrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeSystemProfilePrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeSystemtimePrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeProfSingleProcessPrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeIncBasePriorityPrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeCreatePagefilePrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeShutdownPrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeDebugPrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeSystemEnvironmentPrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeRemoteShutdownPrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeUndockPrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: SeManageVolumePrivilege	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: 33	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: 34	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: 35	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
Token: 36	4628	06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe

C:\Users\Admin\AppData\Local\Temp\06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe
"C:\Users\Admin\AppData\Local\Temp\06aadc164bf9470baf90b148b0b65896f2364a18621987d64e113da9db31f8e6.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4628-132-0x0000000000400000-0x00000000006BF000-memory.dmp

Filesize
2.7MB

Download
memory/4628-133-0x0000000000400000-0x00000000006BF000-memory.dmp

Filesize
2.7MB

Download
memory/4628-134-0x0000000000400000-0x00000000006BF000-memory.dmp

Filesize
2.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads