f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e

Analysis

max time kernel
147s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Size

552KB
MD5

4492aff3dca28c18f44fb33c9f919ec0
SHA1

62cfbba29a4cee2022299575927ed5d9ba33bf2d
SHA256

f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e
SHA512

0616010ceb1df413440449d60a2be865a78442dcf9e98d4673f27f12d60759e267a284217e943e069c4df7aa561e5b1268c24904ca38062c56f5115eb2e2fd13
SSDEEP

12288:KgNywXbL3qpNm0bb4POteypcFUKmk1fYbRbGHZpj9vQrR2uWheiNZKJGKs2Zl7IH:PEwCSGpkUkf2G5ppU2leWZKJGK/u2u6

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeBackupPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
Token: SeSecurityPrivilege	808	f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe

C:\Users\Admin\AppData\Local\Temp\f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe
"C:\Users\Admin\AppData\Local\Temp\f2e148dab13d81ad2d103b0e99c07ac6dc70d5d341e4fd10c4b260c95fea7a5e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/808-132-0x0000000001000000-0x00000000011A8000-memory.dmp

Filesize
1.7MB

Download
memory/808-133-0x0000000001000000-0x00000000011A8000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads