29e614a9979002c1888f015f07f7c8665e9674cb2fddc14dd298347884d2e8ba

Analysis

max time kernel
121s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 10:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Microsoft Toolkit.exe
Size

49.6MB
MD5

ca61faaefcc6189ce7c77c9b3db98156
SHA1

d17087df35a2cf867bb6a1c1605970014a3ae036
SHA256

540ce7fd35685050b0f8a3518bb61826437cabde79ed42a8a6c6642989478f2c
SHA512

aa29620eba432c1939c3e1fe34e2a5a8d32dba2ad14194914976339915dc4e5c6c3e4bc51e9701e137657e634a6b1272c736d6087b9f22091c094cf3e00b203a
SSDEEP

786432:daOzkERCg6I18vAqsoSJDU1GiUJAn3F9S0qzCs0zMaP8jP+xJ+qSTUUyDN9uGhZk:danERCgl0AFtcxj34Wz0qgsN9uUw

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe
Token: SeIncBasePriorityPrivilege	1292	Microsoft Toolkit.exe
Token: 33	1292	Microsoft Toolkit.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe
1292	Microsoft Toolkit.exe

C:\Users\Admin\AppData\Local\Temp\Microsoft Toolkit.exe
"C:\Users\Admin\AppData\Local\Temp\Microsoft Toolkit.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1292-54-0x0000000001360000-0x00000000044F6000-memory.dmp

Filesize
49.6MB

Download
memory/1292-55-0x000007FEFC211000-0x000007FEFC213000-memory.dmp

Filesize
8KB

Download
memory/1292-56-0x0000000029A90000-0x000000002D468000-memory.dmp

Filesize
57.8MB

Download
memory/1292-57-0x000000001E097000-0x000000001E0B6000-memory.dmp

Filesize
124KB

Download
memory/1292-58-0x000000001E097000-0x000000001E0B6000-memory.dmp

Filesize
124KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads