e3c0091ce4bbcf6f9524c81f5d4cd8ee2447be4a6d0db2816eb8cd28e7e8f7e5 | Triage

Analysis

max time kernel
145s
max time network
149s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23/12/2022, 17:27

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

18KB
MD5

c12968c9fb5a423016222361a0bbfdeb
SHA1

e2f3b17914c1f04b538ef73266612907318a2353
SHA256

e3c0091ce4bbcf6f9524c81f5d4cd8ee2447be4a6d0db2816eb8cd28e7e8f7e5
SHA512

d4586d075d7df803f7dbf9620dd852dd5622650c7fe2b85cdb10e37f6351281e4bd5303708aab9aa2e5f89bcab31a6c31f51b48a7a8d5fd0f76b213e160cc7c1
SSDEEP

384:OHz1vHASc76wQ/J1O95acb43vK4oTb7VnwbWq/4w//jKXuQT:o1AUBcfVneprKXHT

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2016	tmp.exe
2016	tmp.exe
2016	tmp.exe
2016	tmp.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2016	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-54-0x00000000012F0000-0x00000000012FC000-memory.dmp

Filesize
48KB

Download
memory/2016-55-0x0000000000600000-0x0000000000634000-memory.dmp

Filesize
208KB

Download
memory/2016-56-0x0000000000630000-0x000000000063A000-memory.dmp

Filesize
40KB

Download