723066334431437f6368ffa748ac0831ce2f30fd035924ea36d8c3f14f133231 | Triage

Analysis

max time kernel
151s
max time network
153s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12-06-2023 17:49

Sharing

Report Analysis Logs

General

Target

AScan3.exe
Size

18KB
MD5

1897a77b28fcff9d1a0ae9245eb21e08
SHA1

42b72123d99c3d251094f13a1c8812ffe41cac11
SHA256

723066334431437f6368ffa748ac0831ce2f30fd035924ea36d8c3f14f133231
SHA512

9932cc0449ad159ee1763bbff43c999cece49c3622b86ceeae1a9440ca7e09f81e111b8406c16fbdb53773aea60f2f2f6fe40850e86c80d9b97c9ababc155ccc
SSDEEP

384:GEJraZKPfdpG2U20NJwqUX9F2Rbsb9qBCjKW57qWUeC+Q46YX:ZK2dpJUdJTUgbsb4qx7qWcf45

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (3551) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

AScan3.exe

description pid process

Token: SeDebugPrivilege 940 AScan3.exe

C:\Users\Admin\AppData\Local\Temp\AScan3.exe
"C:\Users\Admin\AppData\Local\Temp\AScan3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:940

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/940-54-0x00000000000E0000-0x00000000000EA000-memory.dmp

Filesize
40KB

Download
memory/940-55-0x0000000002120000-0x00000000021A0000-memory.dmp

Filesize
512KB

Download
memory/940-56-0x0000000002120000-0x00000000021A0000-memory.dmp

Filesize
512KB

Download