7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
20-08-2023 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
Size

1.6MB
MD5

44b3aabc580a2f5de447d49a300eae23
SHA1

9744926a45c6415954e8962203356fb2f1450b25
SHA256

7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def
SHA512

8af4b8358104542f94513cb9777aa8e31e6cf1d1d6ee201e7ad7b4ebbaa8468e5aeba286d40cb6f9a6f138722273f94dee07843d2d5f5937bfcd58eae477026e
SSDEEP

24576:qLeQdTc8H3z0iZgLdtNGPfPqcPnTLHuty5tAH2gDSVXT5X1wJdndya:qPTp3zXCLdtNYfP9HuyAKXT5Xodd1

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
Token: SeDebugPrivilege	1576	7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe

C:\Users\Admin\AppData\Local\Temp\7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe
"C:\Users\Admin\AppData\Local\Temp\7eb8e66732299d3555bbe599224169cb05e8f0c8a134281a9f1ab90eecb41def.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3691c1c0269010fe39e9f3d8f9da55df

SHA1
29a954416aa57682e39684503c754f2c34ddda23

SHA256
b66eec37ec378575ffa016581fc35ef3369404d9f89d4e3e09e2e9234c1bf541

SHA512
70544dc91f5856127b5206bdc1525bdbe6889a1ffa5be4f07eb826362578afe1adb8b6d9ba375e505f0ff6ffb69e0c5f6bbadba68d5cf2d7976373b8a1bb9863

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01ffc5c19d8d04d93b4bdb0581016a0b

SHA1
0419f9fa9402a7f4c4c1dd166b1ff6bfe7486a1c

SHA256
b595188ae214c7279895f7ee96ad39ae9631fda74f16ea5cb69faef55548bc64

SHA512
6742d186f7e45a762bf2cd17de144c22b55268be74ef559cb86e2f1dac2cfa4b2857d00de098f22cc1b6f0276029f60c72a2370b49c797e2dad125b6e92d1520

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE216.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE268.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
memory/1576-58-0x00000000004A0000-0x00000000004AA000-memory.dmp

Filesize
40KB

Download
memory/1576-56-0x000000001AEF0000-0x000000001AF70000-memory.dmp

Filesize
512KB

Download
memory/1576-59-0x00000000004A0000-0x00000000004AA000-memory.dmp

Filesize
40KB

Download
memory/1576-60-0x000000001AEF0000-0x000000001AF70000-memory.dmp

Filesize
512KB

Download
memory/1576-64-0x000000001AEF0000-0x000000001AF70000-memory.dmp

Filesize
512KB

Download
memory/1576-65-0x000007FEF5590000-0x000007FEF5F7C000-memory.dmp

Filesize
9.9MB

Download
memory/1576-66-0x000000001AEF0000-0x000000001AF70000-memory.dmp

Filesize
512KB

Download
memory/1576-67-0x000000001AEF0000-0x000000001AF70000-memory.dmp

Filesize
512KB

Download
memory/1576-57-0x000000001AEF0000-0x000000001AF70000-memory.dmp

Filesize
512KB

Download
memory/1576-53-0x0000000000440000-0x0000000000474000-memory.dmp

Filesize
208KB

Download
memory/1576-55-0x000000001AEF0000-0x000000001AF70000-memory.dmp

Filesize
512KB

Download
memory/1576-54-0x000007FEF5590000-0x000007FEF5F7C000-memory.dmp

Filesize
9.9MB

Download
memory/1576-188-0x000000001AEF0000-0x000000001AF70000-memory.dmp

Filesize
512KB

Download
memory/1576-192-0x000000001AEF0000-0x000000001AF70000-memory.dmp

Filesize
512KB

Download
memory/1576-193-0x00000000004A0000-0x00000000004AA000-memory.dmp

Filesize
40KB

Download
memory/1576-194-0x00000000004A0000-0x00000000004AA000-memory.dmp

Filesize
40KB

Download
memory/1576-195-0x000000001AEF0000-0x000000001AF70000-memory.dmp

Filesize
512KB

Download
memory/1576-196-0x000000001AEF0000-0x000000001AF70000-memory.dmp

Filesize
512KB

Download