44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289

Analysis

max time kernel
141s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2023, 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Size

1.3MB
MD5

a22da70eb3939026b03bbc83d77b1d39
SHA1

1320ffc2ba60122ffd316b10450a16fc321888fa
SHA256

44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289
SHA512

f65caa17c42e5a27afec20f5486102f7897a90aacd6500fed42b1294a4f35d75e8f23b0813ba153a3e881abf00fe2e14c133a80f67855800ef7c3201f1f9999a
SSDEEP

24576:OSk0bgduMBQO4rDBdBu2oofNCjSO/uht84BaMZIrQ:OS6bBQ3D7BRopy3Ba/M

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 21 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeSecurityPrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeTakeOwnershipPrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeLoadDriverPrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeSystemProfilePrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeSystemtimePrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeProfSingleProcessPrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeIncBasePriorityPrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeCreatePagefilePrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeBackupPrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeRestorePrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeShutdownPrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeDebugPrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeSystemEnvironmentPrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeRemoteShutdownPrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeUndockPrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: SeManageVolumePrivilege	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: 33	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: 34	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: 35	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
Token: 36	4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
4364	44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe

C:\Users\Admin\AppData\Local\Temp\44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe
"C:\Users\Admin\AppData\Local\Temp\44af5f93d09e1f123b31220b34785ba339242eae343d815e085320f7bd130289.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4364-133-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/4364-134-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/4364-135-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/4364-137-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads