Analysis
-
max time kernel
185s
-
max time network
188s
-
platform
windows10-2004_x64
-
resource
win10v2004-20220812-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
-
submitted
30-11-2022 18:54
Static task
static1
Behavioral task
behavioral1
Sample
995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
General
-
Target
995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
-
Size
836KB
-
MD5
bff19d78f2c6620697bab570bef2648e
-
SHA1
5804b28d3d61907402582df8335eb65afad219ac
-
SHA256
995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808
-
SHA512
afd12a85c4ef137ee64fb182a8fe45cc66abaaae52faa8e64d00663c79e0888b77a1e51e1944d5122a15c14c6bd0c390ec63984cb07a33aacf7c66443e58ed3a
-
SSDEEP
6144:d2mt8BWL/QVFFuPEam8dyDtUj12TFkNkkKr4hu6DJk6+xKDPvaw0wPv1P0+AUWpo:poMK2EaRA+sT0kk506+nIQanQ1PVGoM
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 27 IoCs
The sample (pid 5024) repeatedly adjusted the privileges of its own token. Of the privileges it enabled, SeDebugPrivilege is the one to note: legitimate user-mode applications rarely need it, and it is what a process needs to open and tamper with processes it does not own. The bare value 33 is a privilege the sandbox reports only by its numeric identifier.
Processes:
description                        pid   process
Token: SeDebugPrivilege            5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: 33                          5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: SeIncBasePriorityPrivilege  5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: 33                          5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: SeIncBasePriorityPrivilege  5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: 33                          5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: SeIncBasePriorityPrivilege  5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: 33                          5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: SeIncBasePriorityPrivilege  5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: 33                          5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: SeIncBasePriorityPrivilege  5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: 33                          5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: SeIncBasePriorityPrivilege  5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: 33                          5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: SeIncBasePriorityPrivilege  5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: 33                          5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: SeIncBasePriorityPrivilege  5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: 33                          5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: SeIncBasePriorityPrivilege  5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: 33                          5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: SeIncBasePriorityPrivilege  5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: 33                          5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: SeIncBasePriorityPrivilege  5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: 33                          5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: SeIncBasePriorityPrivilege  5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: 33                          5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Token: SeIncBasePriorityPrivilege  5024  995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe
Downloads
-
memory/5024-133-0x0000000000B70000-0x0000000000C48000-memory.dmp
Filesize
864KB
-
memory/5024-134-0x00000000074D0000-0x000000000756C000-memory.dmp
Filesize
624KB
-
memory/5024-135-0x0000000005DB0000-0x0000000006354000-memory.dmp
Filesize
5.6MB
-
memory/5024-136-0x0000000005A20000-0x0000000005AB2000-memory.dmp
Filesize
584KB
-
memory/5024-137-0x00000000059E0000-0x00000000059EA000-memory.dmp
Filesize
40KB
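Both lists above (the AdjustPrivilegeToken signature and the memory dump downloads) arrive as flattened text, so triaging them by hand is error-prone. The following is an added example, not part of the sandbox report or of the sandbox's own tooling: it parses the "Token: <privilege> <pid> <process>" entries into records, flags the privileges an analyst should treat as a red flag, and decodes the dump file names into address ranges and sizes so the listed sizes can be cross-checked. The signature excerpt is a constructed five-entry sample of the 27 on the page; the LUID table comes from winnt.h, and the assumption that the bare "33" is such a LUID is the example's own, not something the report states.

```python
"""Parse the flattened AdjustPrivilegeToken signature and memory dump names from a
Triage-style sandbox report. Added example; inputs below are constructed from the page."""
from __future__ import annotations

import re
from collections import Counter

SAMPLE = "995fd129f501d89993cdf201c0d7b9030ef4f42f1968336e589f7517a0164808.exe"

# Constructed excerpt of the signature text as it is flattened on the page
# (the page lists 27 entries for pid 5024; five suffice to show the pattern).
SIGNATURE_TEXT = (
    "description pid process "
    f"Token: SeDebugPrivilege 5024 {SAMPLE} "
    f"Token: 33 5024 {SAMPLE} "
    f"Token: SeIncBasePriorityPrivilege 5024 {SAMPLE} "
    f"Token: 33 5024 {SAMPLE} "
    f"Token: SeIncBasePriorityPrivilege 5024 {SAMPLE}"
)

# Dump names exactly as listed under "Downloads" on the page.
DUMP_NAMES = [
    "memory/5024-133-0x0000000000B70000-0x0000000000C48000-memory.dmp",
    "memory/5024-134-0x00000000074D0000-0x000000000756C000-memory.dmp",
    "memory/5024-135-0x0000000005DB0000-0x0000000006354000-memory.dmp",
    "memory/5024-136-0x0000000005A20000-0x0000000005AB2000-memory.dmp",
    "memory/5024-137-0x00000000059E0000-0x00000000059EA000-memory.dmp",
]

# Privilege LUID values from winnt.h (SE_*_PRIVILEGE constants). Treating the
# report's bare "Token: 33" as one of these LUIDs is an assumption of this example.
PRIVILEGE_LUIDS = {
    14: "SeIncreaseBasePriorityPrivilege",
    20: "SeDebugPrivilege",
    33: "SeIncreaseWorkingSetPrivilege",
}

# Privileges whose enablement by an unknown binary deserves an alert: they allow
# opening/injecting into other processes, loading drivers, or bypassing DACLs.
HIGH_VALUE = {
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeBackupPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege",
    "SeImpersonatePrivilege", "SeAssignPrimaryTokenPrivilege",
}

TOKEN_RE = re.compile(r"Token:\s+(\S+)\s+(\d+)\s+(\S+)")
DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def resolve_privilege(token: str) -> str:
    """Map a bare numeric privilege value to its winnt.h name; pass names through."""
    if token.isdigit():
        return PRIVILEGE_LUIDS.get(int(token), f"LUID {token}")
    return token


def parse_token_entries(text: str) -> list[dict]:
    """One record per privilege adjustment found in the flattened signature text."""
    return [
        {"privilege": resolve_privilege(priv), "pid": int(pid), "process": proc}
        for priv, pid, proc in TOKEN_RE.findall(text)
    ]


def summarize(entries: list[dict]) -> Counter:
    """Count how often each (pid, privilege) pair was enabled."""
    return Counter((e["pid"], e["privilege"]) for e in entries)


def high_value_privileges(entries: list[dict]) -> set[str]:
    """Privileges present in the entries that an analyst should treat as a red flag."""
    return {e["privilege"] for e in entries} & HIGH_VALUE


def parse_dump_name(name: str) -> dict:
    """Decode pid, sequence number and address range from a dump name; compute its size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    pid, seq, start, end = m.groups()
    start_i, end_i = int(start, 16), int(end, 16)
    if end_i <= start_i:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(pid), "seq": int(seq), "start": start_i, "end": end_i,
            "size": end_i - start_i}


def human_size(nbytes: int) -> str:
    """Render a byte count the way the report does: whole KB below 1 MiB, else one-decimal MB."""
    if nbytes >= 1 << 20:
        return f"{nbytes / (1 << 20):.1f}MB"
    return f"{nbytes // 1024}KB"


def largest_dump(names: list[str]) -> str:
    """Name of the largest dumped region, often the first one to open when hunting an unpacked payload."""
    return max(names, key=lambda n: parse_dump_name(n)["size"])


if __name__ == "__main__":
    entries = parse_token_entries(SIGNATURE_TEXT)
    for (pid, priv), n in sorted(summarize(entries).items()):
        print(f"pid {pid}: {priv} enabled {n}x")
    print("high-value privileges:", sorted(high_value_privileges(entries)))
    for name in DUMP_NAMES:
        print(f"{name}: {human_size(parse_dump_name(name)['size'])}")
```

Run against the page's five dump names, the computed sizes reproduce the listed 864KB, 624KB, 5.6MB, 584KB and 40KB, which is a quick sanity check that the address ranges in the file names are what the sizes refer to; on the signature excerpt, SeDebugPrivilege is the only high-value privilege enabled.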