21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Size

4.0MB
MD5

2df3cacfbcf994f75d5fb72465c0144e
SHA1

a4cb5b9859baaa442934c140291a7dab0e855767
SHA256

21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589
SHA512

c4b83139118bcb98aa575f0c716c754e3e9366c8c39f1a96148ce658c4b49cedd5ebb059bb73daef3a7067b133de38bc2977b1c8c1a1c3d4586eed7c46af718a
SSDEEP

98304:XsTzzwM1HxwX6bY7kl9oLCqq6JJBAUZLD:XgcKb+JJV/

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 1	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeCreateTokenPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeAssignPrimaryTokenPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeLockMemoryPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeIncreaseQuotaPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeMachineAccountPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeTcbPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeSecurityPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeTakeOwnershipPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeLoadDriverPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeSystemProfilePrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeSystemtimePrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeProfSingleProcessPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeIncBasePriorityPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeCreatePagefilePrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeCreatePermanentPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeBackupPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeRestorePrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeShutdownPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeDebugPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeAuditPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeSystemEnvironmentPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeChangeNotifyPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeRemoteShutdownPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeUndockPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeSyncAgentPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeEnableDelegationPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeManageVolumePrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeImpersonatePrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: SeCreateGlobalPrivilege	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 31	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 32	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 33	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 34	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 35	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 36	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 37	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 38	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 39	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 40	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 41	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 42	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 43	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 44	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 45	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 46	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 47	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
Token: 48	4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
4340	21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe

C:\Users\Admin\AppData\Local\Temp\21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe
"C:\Users\Admin\AppData\Local\Temp\21f648b31edf4bb953203b7ce7fcd7b5b04d7357790cf89ce0c7bb72d6d69589.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4340-0-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/4340-7-0x0000000002730000-0x0000000002739000-memory.dmp

Filesize
36KB

Download
memory/4340-10-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads