00a0b9e83b8d1af1650e8ddeaa5cd4729e4a8e55fcae4f006e04113e87afebe6 | Triage

Analysis

max time kernel
32s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 20:42

Sharing

Report Analysis Logs

General

Target

System.exe
Size

56KB
MD5

139cd19f65a027137d58a8845a894d62
SHA1

bad5bc463d84d49ab5dc1dd6afa7be100a30ba47
SHA256

00a0b9e83b8d1af1650e8ddeaa5cd4729e4a8e55fcae4f006e04113e87afebe6
SHA512

7a866f1609ec070cb612af2253d86b92ea5f39d9526e600a3d4e4e6440a1f000696f82d4f14d3853f38a592c9cccc600174128d8d612836d344350f4ce35551e
SSDEEP

768:cjhCMkmViYUO03+y0g2LyifZA9+ir0M1XKLNKVbDAp0I2xWINGZ1:w8M/AXOS+ykLv4+ir0M1E8bD9XNGv

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
364	System.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	364	System.exe

C:\Users\Admin\AppData\Local\Temp\System.exe
"C:\Users\Admin\AppData\Local\Temp\System.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/364-54-0x0000000000F30000-0x0000000000F44000-memory.dmp

Filesize
80KB

Download
memory/364-55-0x00000000003C0000-0x00000000003C6000-memory.dmp

Filesize
24KB

Download
memory/364-56-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download