8d5f868a2c1a386df121fbd941cb9b5510270d34674e964bbe3a7a36d7877577

Analysis

max time kernel
151s
max time network
154s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20-11-2022 04:53

Target

f3f63e0c0e14e45ac4a24fd867417d6b.exe
Size

58KB
MD5

f3f63e0c0e14e45ac4a24fd867417d6b
SHA1

0c1fba255459f9c553716182c41905ec87ee66f9
SHA256

8d5f868a2c1a386df121fbd941cb9b5510270d34674e964bbe3a7a36d7877577
SHA512

28bd4fe578e984f7db7798612c6f669d18eaf3b37f985e39a0a6ae557e520b9f0f09689940ced9c0a622f35fdd5e6a2919eab68d2d7aa606e21e26a0876c1d85
SSDEEP

768:AqHr9Fv5EOAMVweJTVXmZOVplA8nv6pauSF1PyZO3JeUMO4Jtx0j7W76cAYMb55:Amrnv5LfVweZVWCp28hHIO5e1a74/+

Score

6^/10

discovery

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

f3f63e0c0e14e45ac4a24fd867417d6b.exe

description pid process

Token: SeDebugPrivilege 1368 f3f63e0c0e14e45ac4a24fd867417d6b.exe

description	pid	process
Token: SeDebugPrivilege	1368	f3f63e0c0e14e45ac4a24fd867417d6b.exe

C:\Users\Admin\AppData\Local\Temp\f3f63e0c0e14e45ac4a24fd867417d6b.exe
"C:\Users\Admin\AppData\Local\Temp\f3f63e0c0e14e45ac4a24fd867417d6b.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1368

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1368-54-0x00000000010D0000-0x00000000010E4000-memory.dmp

Filesize
80KB

Download
memory/1368-55-0x0000000074E41000-0x0000000074E43000-memory.dmp

Filesize
8KB

Download