6643176655f6e1dd356f5b827bc80ad2de499434717c8d78dd36a2110fed5657

Analysis

max time kernel
73s
max time network
66s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
06-03-2023 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6643176655f6e1dd356f5b827bc80ad2de499434717c8d78dd36a2110fed5657.exe
Size

1.8MB
MD5

15235cb2697dd290c1976dd31f10fc44
SHA1

00dc8836fd8b9fbab69419c19c2bcf998224cbf0
SHA256

6643176655f6e1dd356f5b827bc80ad2de499434717c8d78dd36a2110fed5657
SHA512

6df6f823d9efcfb5ee06218c75d096231789a063e331368cedf865fe9e8fd5f89e9518b23820f2e99662dd0e094e7d75111297b9bb47e3e53f3f1a56303bcc5b
SSDEEP

49152:LXJMezxMw6mUvPJCgbffRdvYMFE64Nx7mQfUsc:lMezxWrNbnRdwgE6ohmQf5c

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
860	6643176655f6e1dd356f5b827bc80ad2de499434717c8d78dd36a2110fed5657.exe
860	6643176655f6e1dd356f5b827bc80ad2de499434717c8d78dd36a2110fed5657.exe
860	6643176655f6e1dd356f5b827bc80ad2de499434717c8d78dd36a2110fed5657.exe
860	6643176655f6e1dd356f5b827bc80ad2de499434717c8d78dd36a2110fed5657.exe
860	6643176655f6e1dd356f5b827bc80ad2de499434717c8d78dd36a2110fed5657.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	860	6643176655f6e1dd356f5b827bc80ad2de499434717c8d78dd36a2110fed5657.exe

C:\Users\Admin\AppData\Local\Temp\6643176655f6e1dd356f5b827bc80ad2de499434717c8d78dd36a2110fed5657.exe
"C:\Users\Admin\AppData\Local\Temp\6643176655f6e1dd356f5b827bc80ad2de499434717c8d78dd36a2110fed5657.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/860-54-0x00000000007C0000-0x0000000000961000-memory.dmp

Filesize
1.6MB

Download
memory/860-55-0x000000000BFD0000-0x000000000C84F000-memory.dmp

Filesize
8.5MB

Download
memory/860-56-0x000000000B780000-0x000000000B80D000-memory.dmp

Filesize
564KB

Download
memory/860-57-0x0000000000BA0000-0x0000000000C24000-memory.dmp

Filesize
528KB

Download
memory/860-58-0x0000000000D40000-0x0000000000DF4000-memory.dmp

Filesize
720KB

Download
memory/860-59-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-63-0x0000000003680000-0x00000000036C0000-memory.dmp

Filesize
256KB

Download
memory/860-62-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-60-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-65-0x0000000003680000-0x00000000036C0000-memory.dmp

Filesize
256KB

Download
memory/860-67-0x0000000003680000-0x00000000036C0000-memory.dmp

Filesize
256KB

Download
memory/860-66-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-69-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-71-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-73-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-75-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-77-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-79-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-81-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-83-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-85-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-87-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-89-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-91-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-93-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-95-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-97-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-99-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-101-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-103-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-105-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-107-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-109-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-111-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-113-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-115-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-117-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-119-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-121-0x0000000000D40000-0x0000000000DED000-memory.dmp

Filesize
692KB

Download
memory/860-964-0x0000000000ED0000-0x0000000000F26000-memory.dmp

Filesize
344KB

Download
memory/860-965-0x00000000035F0000-0x0000000003644000-memory.dmp

Filesize
336KB

Download
memory/860-966-0x00000000037F0000-0x000000000383C000-memory.dmp

Filesize
304KB

Download
memory/860-967-0x0000000003840000-0x0000000003894000-memory.dmp

Filesize
336KB

Download