efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35

Analysis

max time kernel
151s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2023 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
Size

1.3MB
MD5

2170785c7eb5c968efe42e9ea79c0ad0
SHA1

e343b8b118604863ed351ffbe8d2f6215c6fbc2a
SHA256

efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35
SHA512

09af2f7152f7f4942c917bc281ff873403bb270753186de628165935bb9a6dfb6e919c48007cabeff1c7952f87fb8f3f9bf494b6deb57a19fe1416dcaba178d6
SSDEEP

24576:iXAyA7/TjNuExdKoHJq56WdTDSVXT5XTKEO35Ysya:QxA7/TjNumdE6WmXT5XexJT1

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
Token: SeDebugPrivilege	2980	efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe

C:\Users\Admin\AppData\Local\Temp\efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe
"C:\Users\Admin\AppData\Local\Temp\efdd73d714234eef6a62bf86eea383013d5df0aa1ab7795e9666478da29bfb35.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2980-0-0x0000015C57C40000-0x0000015C57C74000-memory.dmp

Filesize
208KB

Download
memory/2980-1-0x00007FFF691A0000-0x00007FFF69C61000-memory.dmp

Filesize
10.8MB

Download
memory/2980-3-0x0000015C707F0000-0x0000015C70800000-memory.dmp

Filesize
64KB

Download
memory/2980-2-0x0000015C707F0000-0x0000015C70800000-memory.dmp

Filesize
64KB

Download
memory/2980-4-0x0000015C707F0000-0x0000015C70800000-memory.dmp

Filesize
64KB

Download
memory/2980-5-0x0000015C707F0000-0x0000015C70800000-memory.dmp

Filesize
64KB

Download
memory/2980-6-0x0000015C722A0000-0x0000015C722A8000-memory.dmp

Filesize
32KB

Download
memory/2980-7-0x0000015C72320000-0x0000015C72358000-memory.dmp

Filesize
224KB

Download
memory/2980-8-0x0000015C722F0000-0x0000015C722FE000-memory.dmp

Filesize
56KB

Download
memory/2980-21-0x00007FFF691A0000-0x00007FFF69C61000-memory.dmp

Filesize
10.8MB

Download
memory/2980-22-0x0000015C707F0000-0x0000015C70800000-memory.dmp

Filesize
64KB

Download
memory/2980-23-0x0000015C707F0000-0x0000015C70800000-memory.dmp

Filesize
64KB

Download