Overview

overview

3

Static

static

3

bypass-clm.exe

windows7-x64

1

bypass-clm.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    137s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 13:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bypass-clm.exe

  • Size

    9KB

  • MD5

    a39ebcfe3d666f37a62766f3f937e861

  • SHA1

    ae0d20ab0bbcf2b4b835042c8d8b9477f8e385a9

  • SHA256

    d88f6a30e5efce4e781d6530f4949cf4a5f42cb423a5ba7e0e6761679192818b

  • SHA512

    389159087e371e594bf3916edcdd9b8547372083a54a5bc2c61ebd9c1eea50de9d9e0bd97c0dd8157da11014efff9e589640cf03a695acca68f65d99f604ff31

  • SSDEEP

    192:FtnINSC+wYK+D0py1LpQY+JcDUr1bpHu3XaqjS0Xu9t:LnpTwYK+8yJpQY+JcDG/kqMS0+9

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bypass-clm.exe
    "C:\Users\Admin\AppData\Local\Temp\bypass-clm.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4232

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4232-0-0x0000021659130000-0x0000021659136000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4232-1-0x00007FF9F0A60000-0x00007FF9F1521000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4232-4-0x00007FF9ECF1E000-0x00007FF9ECF1F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4232-3-0x000002165ADD0000-0x000002165ADE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4232-2-0x00000216743F0000-0x0000021674412000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4232-5-0x00007FF9F9EE0000-0x00007FF9F9EF9000-memory.dmp

          Filesize

          100KB

          Download

        • memory/4232-6-0x00007FF9F0A60000-0x00007FF9F1521000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4232-7-0x000002165ADD0000-0x000002165ADE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4232-8-0x000002165ADD0000-0x000002165ADE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4232-9-0x000002165ADD0000-0x000002165ADE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4232-12-0x00007FF9F0A60000-0x00007FF9F1521000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4232-13-0x00007FF9F9EE0000-0x00007FF9F9EF9000-memory.dmp

          Filesize

          100KB

          Download