02a8f0962681f2cf506deb96b80e2e4cfca38bd283decfb09f0a1f1c66814a4a | Triage

Analysis

max time kernel
28s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
29/05/2023, 01:38

Sharing

Report Analysis Logs

General

Target

apphost.exe
Size

2.0MB
MD5

06ed501084fee2629ec9ffa81ec35ad4
SHA1

c7dc21edf35431c194f1cc31ff1268ab5d0ca9c8
SHA256

02a8f0962681f2cf506deb96b80e2e4cfca38bd283decfb09f0a1f1c66814a4a
SHA512

a4818d7df00dfbdd56e3ed739bccab299927330182e1df7785d13c89cbb43463e8069bb7dc31b65f3069dd420da7fa5c1a7a427f4a096b35ca01ccd041481494
SSDEEP

49152:g5aPR9oQ/7IMh7MpZ0q5t7PZYHLTqYTuMlne8x7RfgcGx2O:g5CRiskMhopZ0q5tGH/qYTuSXx7Rfg1

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1996	apphost.exe
Token: SeDebugPrivilege	1996	apphost.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1996	apphost.exe
1996	apphost.exe

C:\Users\Admin\AppData\Local\Temp\apphost.exe
"C:\Users\Admin\AppData\Local\Temp\apphost.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads