c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072

Analysis

max time kernel
152s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Size

658KB
MD5

804ed79f5ead500c7d66e6b3cf870a3a
SHA1

510e584343771fbbd8a2087b47194be47c668ca0
SHA256

c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072
SHA512

20b616055b58abdbfd6f98f510a30f1865894c66e9c341128a493a5595e660ad67e22fa2cc7b01bb00af51753191ad160729ec9ddc147e699d850038c66c69c7
SSDEEP

12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIBNkNCCLI9Ek5C/hH:eZ1xuVVjfFoynPaVBUR8fekN1UEBZ

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeSecurityPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeTakeOwnershipPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeLoadDriverPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeSystemProfilePrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeSystemtimePrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeProfSingleProcessPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeIncBasePriorityPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeCreatePagefilePrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeBackupPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeRestorePrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeShutdownPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeDebugPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeSystemEnvironmentPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeChangeNotifyPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeRemoteShutdownPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeUndockPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeManageVolumePrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeImpersonatePrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: SeCreateGlobalPrivilege	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: 33	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: 34	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
Token: 35	1152	c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe

C:\Users\Admin\AppData\Local\Temp\c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe
"C:\Users\Admin\AppData\Local\Temp\c31e1ac2c35d895d3a79b6883e31db3ed4f1d3eedc8719a63abad280ad4e9072.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1152-54-0x0000000075881000-0x0000000075883000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads