e921a12e695eac2f76abda7cdf4a0578e761f7e4f63f0b236c4981cc8058de81

Analysis

max time kernel
136s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2023, 20:21

Target

challange_Benign_e921a12e695eac2f76abda7cdf4a0578e761f7e4f63f0b236c4981cc8058de81.exe
Size

59KB
MD5

dc79e66c433006f483fc2d3ff4259c08
SHA1

66d8ea18d2eee8b09e507f7357dee5049a972d44
SHA256

e921a12e695eac2f76abda7cdf4a0578e761f7e4f63f0b236c4981cc8058de81
SHA512

5c62ab7dcb66684b3ace900cc4566f5a9d8990cf2e5691e4a8016933ca1c1ed8d4c71cc34da24c56def85d77c2a1cbcb9005bf9610fa4bea04a5f734ca261d54
SSDEEP

768:AfmLl9/qbdh+hN2VHTDXTVrIXvf5OP4i/PuZoI1efChumPsT9cUHQk63NrKaT1qa:A+hQJDj4JsC+IgfRIMP6QIqrgX8LGU0

Score

6^/10

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3440	challange_Benign_e921a12e695eac2f76abda7cdf4a0578e761f7e4f63f0b236c4981cc8058de81.exe

C:\Users\Admin\AppData\Local\Temp\challange_Benign_e921a12e695eac2f76abda7cdf4a0578e761f7e4f63f0b236c4981cc8058de81.exe
"C:\Users\Admin\AppData\Local\Temp\challange_Benign_e921a12e695eac2f76abda7cdf4a0578e761f7e4f63f0b236c4981cc8058de81.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3440

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

memory/3440-136-0x0000022F14DA0000-0x0000022F14DB6000-memory.dmp

Filesize
88KB

Download
memory/3440-137-0x0000022F2F210000-0x0000022F2F220000-memory.dmp

Filesize
64KB

Download
memory/3440-138-0x0000022F2F210000-0x0000022F2F220000-memory.dmp

Filesize
64KB

Download