a33d222f6285ac860557eca99adaaced1933018f8301f410ab3a84b2362c532e | Triage

Analysis

max time kernel
60s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2023, 15:16

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

263KB
MD5

29e8a3f26d102eb5c37dd7598f3e3bbf
SHA1

1ebf17b6699baaaef525d5bcfb6d78c9cea25aad
SHA256

a33d222f6285ac860557eca99adaaced1933018f8301f410ab3a84b2362c532e
SHA512

f75d1f21c29579ba7067005b13f521364c6f071fe28523e520ee5ef9d6b3dc98d8d84a01f28e486e985627e23a1a4d1c39472f87fb7c3975d3b8cc50402588c4
SSDEEP

3072:y46fAbJkIqxquj2L+vfjmCJ7//4coWaRqp5HXrIwlqRys3DILgRQXM/+N:yCuVxqakc/J7/FpaR2XrGys3Ag

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4456	tmp.exe
Token: SeDebugPrivilege	4456	tmp.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4456	tmp.exe
4456	tmp.exe
4456	tmp.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4456	tmp.exe
4456	tmp.exe
4456	tmp.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4456	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bes.ini

Filesize
24B

MD5
0d152f75039053b0e0dbc8b49339f860

SHA1
32bc158b35e50b1f32892519a6b84b818fc5d2b1

SHA256
1f11472afd14ea50e5d6eb7796f3390d25e8dd2d7e15b546f058fa83810468c2

SHA512
9efec609c02211c40155378065311a61c65848c33d912229a26b3c4a810355ed7f2d06d126f868b2fd0cb9bdbad142cbb1cb92673042a6d2b6e9bc54fb79d46b

Download Submit