be7ba15c274112b511952287bd01a6c135e7b20260f307fc72fcd1a948188086 | Triage

Analysis

max time kernel
35s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 16:32

Sharing

Report Analysis Logs

General

Target

file.exe
Size

3.2MB
MD5

502b810b213e6ea11cebaa86737c6f26
SHA1

9180f07a4cf3fea9b08e6e1828fb1b8d05805975
SHA256

be7ba15c274112b511952287bd01a6c135e7b20260f307fc72fcd1a948188086
SHA512

2ed47486212f832fc8c3f3f85137e489c7d6fe4b893acc74910362830ce778a6eab13ce95554f984028cc0953329b799d318df1088b94f7930db0e8a5a987e78
SSDEEP

12288:GNpYYoU9aGbHRFbOuuWompGy4y5vKk8U9tXnt9q:mpYVU9FP

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

file.exe

pid process

1608 file.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

file.exe

description pid process

Token: SeDebugPrivilege 1608 file.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1608-54-0x0000000000850000-0x0000000000892000-memory.dmp

Filesize
264KB

Download
memory/1608-55-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download