b0dd78db36781e0070e3f613749814c5167a07afc28a7225d72ec3615c351efd

Analysis

max time kernel
148s
max time network
156s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

854F1E97-5DBB-4AA87-A566-33D9012B095E2pdf.exe
Size

7KB
MD5

5f29bcbcb6dd39d9171f817274134915
SHA1

9d1cbb672a2b68d3592e47dfb4e1d0763728d144
SHA256

b0dd78db36781e0070e3f613749814c5167a07afc28a7225d72ec3615c351efd
SHA512

39c2fabec9b3074283aa6c4e1de0c166131a81a830b6863cd3555845a1b8e828980be144a8a551c2b402fb7b921d29d7c8756ad5eb41221e261fcea1854f0628
SSDEEP

96:pd7+uHAUjtCnqaxJ40IbABUL2QZBn2cmL/JZggDCY2wx5ODJzNt:pd7gEtCnn74RUMrnza3DCY2wfODr

Score

6^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2576	854F1E97-5DBB-4AA87-A566-33D9012B095E2pdf.exe

C:\Users\Admin\AppData\Local\Temp\854F1E97-5DBB-4AA87-A566-33D9012B095E2pdf.exe
"C:\Users\Admin\AppData\Local\Temp\854F1E97-5DBB-4AA87-A566-33D9012B095E2pdf.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2576-0-0x00000000011B0000-0x00000000011B8000-memory.dmp

Filesize
32KB

Download
memory/2576-1-0x00000000747C0000-0x0000000074EAE000-memory.dmp

Filesize
6.9MB

Download
memory/2576-2-0x0000000004C30000-0x0000000004C70000-memory.dmp

Filesize
256KB

Download
memory/2576-3-0x00000000747C0000-0x0000000074EAE000-memory.dmp

Filesize
6.9MB

Download
memory/2576-4-0x0000000004C30000-0x0000000004C70000-memory.dmp

Filesize
256KB

Download