e591ae2764bc4b3da309f4c254e003fa3b6545ba9ad97f796ccc029b034bb136 | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30/03/2023, 06:00

Sharing

Report Analysis Logs

General

Target

123.exe
Size

216KB
MD5

ff38a3abc3f759d871a09a7136bed608
SHA1

d07e8420cc967fa69cea5c43bdffeb1b45581ca6
SHA256

e591ae2764bc4b3da309f4c254e003fa3b6545ba9ad97f796ccc029b034bb136
SHA512

cb5178e4d9d9d88a944f7c494d3850a4f1eac53d7b2b144e98b48d91e9176043fef2c4a7efe4e433b9c03955f3ea35e5b3342c179f9c160f5cfe215a1d615c67
SSDEEP

3072:A7gBLdTUPWIUvGXIxvV3751yipo1rXU3sKdUVznGauHwTpm:R/oNXIjFhpCtRUf5

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1396	123.exe

C:\Users\Admin\AppData\Local\Temp\123.exe
"C:\Users\Admin\AppData\Local\Temp\123.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1396-54-0x000000013F9D0000-0x000000013FA0A000-memory.dmp

Filesize
232KB

Download