Analysis
-
max time kernel
143s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
07-03-2023 14:16
General
-
Target
030d9daf754e7d55b6690abc958386c7bd69c539b50a971b2a61b0d14210a498.exe
-
Size
474KB
-
MD5
dcb7eaa1fd51e975b67a3ed92509167a
-
SHA1
528c5a4837a195707581724d408c809433f14a16
-
SHA256
030d9daf754e7d55b6690abc958386c7bd69c539b50a971b2a61b0d14210a498
-
SHA512
8b095bc1d1c22db78e1ee1011bd7d6564c3657c4bade729baf803b6df857f88be1fceac74b55b72786df635bbee7ad3ff8d17bbc28da553c1bb08ae275df543c
-
SSDEEP
6144:WG0tEl7ERlzVxn5zLTjgpjdGXq7IOVf4c0Lu8nuyqvM30vakSNMmoYqTVXwIuODf:BCFzbF3g1kXqZf4czAVMmlq5pTlEv1G
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\030d9daf754e7d55b6690abc958386c7bd69c539b50a971b2a61b0d14210a498.exe"C:\Users\Admin\AppData\Local\Temp\030d9daf754e7d55b6690abc958386c7bd69c539b50a971b2a61b0d14210a498.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4372-133-0x0000021D0B840000-0x0000021D0B8BA000-memory.dmpFilesize
488KB
-
memory/4372-134-0x0000021D26BA0000-0x0000021D26BB0000-memory.dmpFilesize
64KB