3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2023 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
Size

1.7MB
MD5

80256870164fb1f7d0e7021c8dfa16ba
SHA1

5104167b258ab72664f87a9d6d787f0da002b523
SHA256

3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a
SHA512

127f2cabca273ad801d1814cebf7e297f644dbb69c2d9cebb9ae2c9db44d5ddb573eec94955955876b009dcbf50031b235adc40e95bd04bf031b2c85ed645be2
SSDEEP

24576:o/++Y+IwoslWiJ1OSY+K4nfskK31iCnG3DSVXT5Xgaya:odAwoslj1OS9K4nfRCHXT5Xga1

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
Token: SeDebugPrivilege	2600	3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe

C:\Users\Admin\AppData\Local\Temp\3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe
"C:\Users\Admin\AppData\Local\Temp\3db48a9a55bf1e13a53ed985b057b41fa9db9d3331277c545ccc11ea79f8698a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2600-133-0x00007FFD0DBC0000-0x00007FFD0E681000-memory.dmp

Filesize
10.8MB

Download
memory/2600-135-0x0000020AEF1F0000-0x0000020AEF200000-memory.dmp

Filesize
64KB

Download
memory/2600-134-0x0000020AEF1F0000-0x0000020AEF200000-memory.dmp

Filesize
64KB

Download
memory/2600-136-0x0000020AEF1F0000-0x0000020AEF200000-memory.dmp

Filesize
64KB

Download
memory/2600-137-0x0000020AEF1F0000-0x0000020AEF200000-memory.dmp

Filesize
64KB

Download
memory/2600-138-0x0000020AF3880000-0x0000020AF3888000-memory.dmp

Filesize
32KB

Download
memory/2600-139-0x0000020AF3900000-0x0000020AF3938000-memory.dmp

Filesize
224KB

Download
memory/2600-140-0x0000020AF38D0000-0x0000020AF38DE000-memory.dmp

Filesize
56KB

Download
memory/2600-153-0x00007FFD0DBC0000-0x00007FFD0E681000-memory.dmp

Filesize
10.8MB

Download
memory/2600-154-0x0000020AEF1F0000-0x0000020AEF200000-memory.dmp

Filesize
64KB

Download
memory/2600-155-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download
memory/2600-156-0x0000020AEF1F0000-0x0000020AEF200000-memory.dmp

Filesize
64KB

Download
memory/2600-157-0x0000020AEF1F0000-0x0000020AEF200000-memory.dmp

Filesize
64KB

Download
memory/2600-158-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download
memory/2600-159-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download
memory/2600-160-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download
memory/2600-161-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download
memory/2600-162-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download
memory/2600-163-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download
memory/2600-164-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download
memory/2600-165-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download
memory/2600-166-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download
memory/2600-167-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download
memory/2600-168-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download
memory/2600-169-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download
memory/2600-170-0x0000020AEF580000-0x0000020AEF777000-memory.dmp

Filesize
2.0MB

Download