be417cec6de508e907745d2850e069ceb11d27f74f7ba862c3b56dcd19862997

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2023 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a0e8dabc0436f77b75d89cd8a90e8d34a64b1f81346c3b670c6b2c92fccda20.exe
Size

5.8MB
MD5

50ee270a3623ccfc711a96213fa8792e
SHA1

8a9a33cf2d98d04a167ea74e475bef1717052163
SHA256

0a0e8dabc0436f77b75d89cd8a90e8d34a64b1f81346c3b670c6b2c92fccda20
SHA512

d3290a1382821675f5faeaf9ce637a68404915396c25e0ad7cdfd473c36ccafab62b45291b954df5c79b54afba0218df886248df32f63ef7ae302bc93bbb062a
SSDEEP

98304:HBzjYz067yqu/mnFQOi33nFbO4KSgPTPgS8NAvKBUuY8cvwu3707iQMMvozFVrwO:a2vhBdSBwJ8NVqmEv2qKMxK

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
4328	0a0e8dabc0436f77b75d89cd8a90e8d34a64b1f81346c3b670c6b2c92fccda20.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4328	0a0e8dabc0436f77b75d89cd8a90e8d34a64b1f81346c3b670c6b2c92fccda20.exe

C:\Users\Admin\AppData\Local\Temp\0a0e8dabc0436f77b75d89cd8a90e8d34a64b1f81346c3b670c6b2c92fccda20.exe
"C:\Users\Admin\AppData\Local\Temp\0a0e8dabc0436f77b75d89cd8a90e8d34a64b1f81346c3b670c6b2c92fccda20.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4328-0-0x00000204F0D40000-0x00000204F1318000-memory.dmp

Filesize
5.8MB

Download
memory/4328-1-0x00007FFCB7B70000-0x00007FFCB8631000-memory.dmp

Filesize
10.8MB

Download
memory/4328-2-0x00000204F3820000-0x00000204F3830000-memory.dmp

Filesize
64KB

Download
memory/4328-3-0x00000204F4FA0000-0x00000204F5000000-memory.dmp

Filesize
384KB

Download
memory/4328-4-0x00000204F37F0000-0x00000204F380A000-memory.dmp

Filesize
104KB

Download
memory/4328-6-0x00000204F3830000-0x00000204F387C000-memory.dmp

Filesize
304KB

Download
memory/4328-5-0x00000204F37D0000-0x00000204F37E4000-memory.dmp

Filesize
80KB

Download
memory/4328-7-0x00000204F5000000-0x00000204F5026000-memory.dmp

Filesize
152KB

Download
memory/4328-8-0x00000204F5030000-0x00000204F5046000-memory.dmp

Filesize
88KB

Download
memory/4328-9-0x00000204F37E0000-0x00000204F37EA000-memory.dmp

Filesize
40KB

Download
memory/4328-10-0x00000204F5050000-0x00000204F505A000-memory.dmp

Filesize
40KB

Download
memory/4328-11-0x00000204F5060000-0x00000204F5088000-memory.dmp

Filesize
160KB

Download
memory/4328-12-0x00000204F50A0000-0x00000204F50A8000-memory.dmp

Filesize
32KB

Download
memory/4328-13-0x00000204F5090000-0x00000204F509C000-memory.dmp

Filesize
48KB

Download
memory/4328-14-0x00000204F50C0000-0x00000204F50CA000-memory.dmp

Filesize
40KB

Download
memory/4328-15-0x00000204F50D0000-0x00000204F50FC000-memory.dmp

Filesize
176KB

Download
memory/4328-16-0x00000204F5100000-0x00000204F512C000-memory.dmp

Filesize
176KB

Download
memory/4328-17-0x00000204F5180000-0x00000204F51CA000-memory.dmp

Filesize
296KB

Download
memory/4328-18-0x00000204F50B0000-0x00000204F50BE000-memory.dmp

Filesize
56KB

Download
memory/4328-19-0x00000204F5130000-0x00000204F5142000-memory.dmp

Filesize
72KB

Download
memory/4328-20-0x00000204F53D0000-0x00000204F544C000-memory.dmp

Filesize
496KB

Download
memory/4328-21-0x00000204F5450000-0x00000204F5458000-memory.dmp

Filesize
32KB

Download
memory/4328-22-0x00007FFCB7B70000-0x00007FFCB8631000-memory.dmp

Filesize
10.8MB

Download