b2587af66ae9a2cc8daa61c4b752571509730679f8cd853344c6977dd63afaa0

Analysis

max time kernel
32s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2023 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

666KB
MD5

4abf4307d3c34c700ba5f3bfcc9d8fbe
SHA1

215cc86274dff3bf3da6dd1f6392cb42bb527c09
SHA256

b2587af66ae9a2cc8daa61c4b752571509730679f8cd853344c6977dd63afaa0
SHA512

5236ae0ed091dc5538d2fffa70a6d639c429cc13a39fde4a1ac12764859d6e4693821949d8b68636dc47f960a675760db30c1b4678b2274adb42a4c92002c381
SSDEEP

12288:ygNz7hDhASCIORFW1Z1iVSpB3wv0/JNjk085BEylkKMx2LlpuqjePXpW6Wr:yg5tDhASC7Wlpuv03j38LESkKMxHqjeP

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1316	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	836	tmp.exe
Token: SeDebugPrivilege	1316	powershell.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:836

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAA==
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/836-133-0x0000012CDBBE0000-0x0000012CDBC8A000-memory.dmp

Filesize
680KB

Download
memory/836-134-0x00007FFED4110000-0x00007FFED4BD1000-memory.dmp

Filesize
10.8MB

Download
memory/836-136-0x0000012CDD8F0000-0x0000012CDD900000-memory.dmp

Filesize
64KB

Download
memory/836-137-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-135-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-141-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-139-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-143-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-145-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-147-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-149-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-151-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-155-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-153-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-157-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-159-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-161-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-163-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-165-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-167-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-169-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-171-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-173-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-175-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-179-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-177-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-183-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-185-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-181-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-187-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-189-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-193-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-197-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-195-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-199-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-191-0x0000012CF6200000-0x0000012CF630D000-memory.dmp

Filesize
1.1MB

Download
memory/836-881-0x00007FFED4110000-0x00007FFED4BD1000-memory.dmp

Filesize
10.8MB

Download
memory/836-1092-0x0000012CDD8F0000-0x0000012CDD900000-memory.dmp

Filesize
64KB

Download
memory/836-3068-0x00007FFED4110000-0x00007FFED4BD1000-memory.dmp

Filesize
10.8MB

Download