3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 17:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Size

2.0MB
MD5

b748932644af7baaa9210621742b49cb
SHA1

79ff741973cb860f9f230d38da1772490b138037
SHA256

3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816
SHA512

33d852d392ccf08fa07ae5966d6edf63647d4e9f8475a637c7d7d56fb4636fe7de9728c7ad45b03dcde6d9354c5f69bb0b3ee9d40abee2cb48217f26cad2d31a
SSDEEP

24576:xMRuU70xR8/pumExwazQvFBvDVslCHBIZ+iHgpPx/rIEKz7sOCDH6S/u40Q5fFmV:xnxCpu+az0dQChmCNDKXsrDpMQAXT

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeDebugPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 1	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeCreateTokenPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeAssignPrimaryTokenPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeLockMemoryPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeIncreaseQuotaPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeMachineAccountPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeTcbPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeSecurityPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeTakeOwnershipPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeLoadDriverPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeSystemProfilePrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeSystemtimePrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeProfSingleProcessPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeIncBasePriorityPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeCreatePagefilePrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeCreatePermanentPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeBackupPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeRestorePrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeShutdownPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeDebugPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeAuditPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeSystemEnvironmentPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeChangeNotifyPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeRemoteShutdownPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeUndockPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeSyncAgentPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeEnableDelegationPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeManageVolumePrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeImpersonatePrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeCreateGlobalPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 31	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 32	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 33	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 34	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 35	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 36	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 37	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 38	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 39	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 40	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 41	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 42	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 43	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 44	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 45	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 46	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 47	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: 48	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
Token: SeDebugPrivilege	1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
1196	3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe

C:\Users\Admin\AppData\Local\Temp\3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe
"C:\Users\Admin\AppData\Local\Temp\3bee7f8984808b0da1f90ca2ddeb36bbc9366a9265cd71533fb22fe89ae91816.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1196-6-0x0000000002010000-0x0000000002051000-memory.dmp

Filesize
260KB

Download
memory/1196-7-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/1196-10-0x0000000002380000-0x0000000002481000-memory.dmp

Filesize
1.0MB

Download
memory/1196-18-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download