f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9

Analysis

max time kernel
145s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Size

4.0MB
MD5

ec9a63d2e75cc598b3693ff8df3177b1
SHA1

956ec130e4bda7ac396240beca7135eddaa7ed28
SHA256

f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9
SHA512

238eef1ec6e4e71cec2e0e8d8ea411d380abe0099de3a05b6b9ed499e16bb6765969c84694406ff2d2b77f756af9492a3da1e0ba9aee2dcdd9cdb6bf1288e606
SSDEEP

49152:sZ2bVFo4rzfVQ9Ni3nSMZwq5l9oLCqq/pL+kQC+s8KuqGaX0ToIBAUZLYSB7:I255vVQ9Ni3nHXl9oLCqqhQJBAUZL7t

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 1	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeCreateTokenPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeAssignPrimaryTokenPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeLockMemoryPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeIncreaseQuotaPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeMachineAccountPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeTcbPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeSecurityPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeTakeOwnershipPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeLoadDriverPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeSystemProfilePrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeSystemtimePrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeProfSingleProcessPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeIncBasePriorityPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeCreatePagefilePrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeCreatePermanentPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeBackupPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeRestorePrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeShutdownPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeDebugPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeAuditPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeSystemEnvironmentPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeChangeNotifyPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeRemoteShutdownPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeUndockPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeSyncAgentPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeEnableDelegationPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeManageVolumePrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeImpersonatePrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: SeCreateGlobalPrivilege	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 31	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 32	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 33	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 34	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 35	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 36	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 37	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 38	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 39	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 40	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 41	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 42	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 43	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 44	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 45	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 46	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 47	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
Token: 48	5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
5008	f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe

C:\Users\Admin\AppData\Local\Temp\f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe
"C:\Users\Admin\AppData\Local\Temp\f73623a356e53a38bb577eb0226b972edb034007ef4a2895136133e9cfe1a0d9.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5008-0-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/5008-7-0x0000000000F00000-0x0000000000F09000-memory.dmp

Filesize
36KB

Download
memory/5008-10-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads