9bfe1f250036c8b8a26b62da30516674b16b26c2ebad9ac3906e3821affea723

Analysis

max time kernel
120s
max time network
135s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
02/10/2023, 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30cdb2fdf78a92ab5a7f9ee957ff737810f4e989efeb8cf0a4fcf76b6d8ff5aa.exe
Size

3.9MB
MD5

d0304a05c037e7b2c00e16e31fde26b6
SHA1

1c85064189eb559a17ea2dc24fbc17e927ce5989
SHA256

30cdb2fdf78a92ab5a7f9ee957ff737810f4e989efeb8cf0a4fcf76b6d8ff5aa
SHA512

cd6ae3f7d6a1578c59d49841b6f2db638113b6ad9df03150c76da71c7952bd5847dddbc3a6a0221355cfcd573e75751965c3ebd43d0f328e0ae517da534bc781
SSDEEP

98304:IBzjYz067yqu/mnFQOi33nFbO4KSgPTPgS8NAvKBUuY8cvwu3707iQMMvozFVrwO:h2vhBwM2dK

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1728	30cdb2fdf78a92ab5a7f9ee957ff737810f4e989efeb8cf0a4fcf76b6d8ff5aa.exe
1728	30cdb2fdf78a92ab5a7f9ee957ff737810f4e989efeb8cf0a4fcf76b6d8ff5aa.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1728	30cdb2fdf78a92ab5a7f9ee957ff737810f4e989efeb8cf0a4fcf76b6d8ff5aa.exe

C:\Users\Admin\AppData\Local\Temp\30cdb2fdf78a92ab5a7f9ee957ff737810f4e989efeb8cf0a4fcf76b6d8ff5aa.exe
"C:\Users\Admin\AppData\Local\Temp\30cdb2fdf78a92ab5a7f9ee957ff737810f4e989efeb8cf0a4fcf76b6d8ff5aa.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1728-0-0x0000000000B80000-0x0000000000F6C000-memory.dmp

Filesize
3.9MB

Download
memory/1728-1-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/1728-2-0x000000001AE30000-0x000000001AEB0000-memory.dmp

Filesize
512KB

Download
memory/1728-3-0x0000000000340000-0x0000000000350000-memory.dmp

Filesize
64KB

Download
memory/1728-4-0x0000000000470000-0x0000000000496000-memory.dmp

Filesize
152KB

Download
memory/1728-5-0x0000000000490000-0x000000000049E000-memory.dmp

Filesize
56KB

Download
memory/1728-6-0x00000000004A0000-0x00000000004B0000-memory.dmp

Filesize
64KB

Download
memory/1728-7-0x00000000004B0000-0x00000000004BA000-memory.dmp

Filesize
40KB

Download
memory/1728-8-0x00000000004C0000-0x00000000004D2000-memory.dmp

Filesize
72KB

Download
memory/1728-9-0x000000001ABA0000-0x000000001AC1C000-memory.dmp

Filesize
496KB

Download
memory/1728-10-0x000000001AD30000-0x000000001ADE0000-memory.dmp

Filesize
704KB

Download
memory/1728-11-0x0000000002370000-0x00000000023BA000-memory.dmp

Filesize
296KB

Download
memory/1728-12-0x0000000000AA0000-0x0000000000AA8000-memory.dmp

Filesize
32KB

Download
memory/1728-14-0x00000000004D0000-0x00000000004DA000-memory.dmp

Filesize
40KB

Download
memory/1728-15-0x00000000004E0000-0x00000000004EA000-memory.dmp

Filesize
40KB

Download
memory/1728-16-0x00000000004F0000-0x00000000004FC000-memory.dmp

Filesize
48KB

Download
memory/1728-17-0x0000000000B50000-0x0000000000B78000-memory.dmp

Filesize
160KB

Download
memory/1728-18-0x00000000023C0000-0x00000000023CC000-memory.dmp

Filesize
48KB

Download
memory/1728-19-0x00000000025D0000-0x00000000025EA000-memory.dmp

Filesize
104KB

Download
memory/1728-20-0x000000001ADE0000-0x000000001AE0C000-memory.dmp

Filesize
176KB

Download
memory/1728-21-0x000000001B810000-0x000000001B892000-memory.dmp

Filesize
520KB

Download
memory/1728-23-0x0000000000AB0000-0x0000000000ABA000-memory.dmp

Filesize
40KB

Download
memory/1728-22-0x0000000000AB0000-0x0000000000ABA000-memory.dmp

Filesize
40KB

Download
memory/1728-25-0x0000000002540000-0x0000000002548000-memory.dmp

Filesize
32KB

Download
memory/1728-24-0x000000001AEB0000-0x000000001AEEA000-memory.dmp

Filesize
232KB

Download
memory/1728-26-0x000000001AE30000-0x000000001AEB0000-memory.dmp

Filesize
512KB

Download
memory/1728-27-0x000000001AE30000-0x000000001AEB0000-memory.dmp

Filesize
512KB

Download
memory/1728-28-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/1728-29-0x0000000000AB0000-0x0000000000ABA000-memory.dmp

Filesize
40KB

Download
memory/1728-30-0x0000000000AC0000-0x0000000000ACE000-memory.dmp

Filesize
56KB

Download
memory/1728-31-0x00000000023D0000-0x00000000023DC000-memory.dmp

Filesize
48KB

Download
memory/1728-32-0x00000000025F0000-0x00000000025FE000-memory.dmp

Filesize
56KB

Download
memory/1728-35-0x000000001B8D0000-0x000000001B8D1000-memory.dmp

Filesize
4KB

Download
memory/1728-36-0x000000001AE30000-0x000000001AEB0000-memory.dmp

Filesize
512KB

Download
memory/1728-37-0x000000001AE30000-0x000000001AEB0000-memory.dmp

Filesize
512KB

Download
memory/1728-38-0x000000001BDC0000-0x000000001BE36000-memory.dmp

Filesize
472KB

Download
memory/1728-39-0x000000001B9C0000-0x000000001B9E6000-memory.dmp

Filesize
152KB

Download
memory/1728-40-0x000000001B920000-0x000000001B936000-memory.dmp

Filesize
88KB

Download
memory/1728-41-0x000000001B8E0000-0x000000001B8EA000-memory.dmp

Filesize
40KB

Download
memory/1728-42-0x0000000000AB0000-0x0000000000ABA000-memory.dmp

Filesize
40KB

Download
memory/1728-43-0x0000000000AB0000-0x0000000000ABA000-memory.dmp

Filesize
40KB

Download
memory/1728-44-0x000000001AE30000-0x000000001AEB0000-memory.dmp

Filesize
512KB

Download
memory/1728-45-0x000000001AE30000-0x000000001AEB0000-memory.dmp

Filesize
512KB

Download
memory/1728-46-0x000000001AE30000-0x000000001AEB0000-memory.dmp

Filesize
512KB

Download