17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f

Analysis

max time kernel
111s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Size

361KB
MD5

06448f10697145e35b0d43a03eafed0c
SHA1

7abf2178fe05520a3899318d766c2db41534a699
SHA256

17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f
SHA512

b5d6585ba5fc6526e925c292ebcdff8f10a93c7de49251af511a1a88260a962219fea385d8f1e5d70e3a3d48001604b4ae59aaa6f79097bcc770e501c52ef296
SSDEEP

6144:O4ScvN931a9qbbPCsgENcmOJqBPyrLbzRYK5KdPZTPKA6lumn+iNqFaFgpZiTE1:bL31QRsBarJ2yj143TPKem+ik6gOTE1

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4948-132-0x0000000000400000-0x00000000004E2000-memory.dmp	upx
behavioral2/memory/4948-133-0x0000000000400000-0x00000000004E2000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeSecurityPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeTakeOwnershipPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeLoadDriverPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeSystemProfilePrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeSystemtimePrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeProfSingleProcessPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeIncBasePriorityPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeCreatePagefilePrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeBackupPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeRestorePrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeShutdownPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeDebugPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeSystemEnvironmentPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeChangeNotifyPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeRemoteShutdownPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeUndockPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeManageVolumePrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeImpersonatePrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: SeCreateGlobalPrivilege	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: 33	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: 34	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: 35	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
Token: 36	4948	17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe

C:\Users\Admin\AppData\Local\Temp\17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe
"C:\Users\Admin\AppData\Local\Temp\17ac5fb9ffb739e922d4c8eacf07081c7824ddbdbbb2e307ed3804637397924f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4948-132-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/4948-133-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads