56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
23/10/2023, 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Size

5.2MB
MD5

4f0101cd30a9fd14af0447e5dc14f3b1
SHA1

ccb18e3f84c8fb09d7c9dd6f3148212f32a08ba3
SHA256

56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e
SHA512

fda329df59517967e18552798c460d3acaf5b75c1312e6de180c74db1e90fc89d3daae1b9ae518a69391808d87f16848fd464a6f50bc6f5ef9ce6db2144f6df9
SSDEEP

24576:nxXrM9fj5SxlK6o2F6dGxLZjAWfbtKzKpLQTy9YUp/n0kGBoxCiQ8OBy3dUXgjB2:nLJXAuLQ9Wu+oY3fhChOQNWJ04OQ9Cr

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 1	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeCreateTokenPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeAssignPrimaryTokenPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeLockMemoryPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeIncreaseQuotaPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeMachineAccountPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeTcbPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeSecurityPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeTakeOwnershipPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeLoadDriverPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeSystemProfilePrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeSystemtimePrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeProfSingleProcessPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeIncBasePriorityPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeCreatePagefilePrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeCreatePermanentPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeBackupPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeRestorePrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeShutdownPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeDebugPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeAuditPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeSystemEnvironmentPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeChangeNotifyPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeRemoteShutdownPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeUndockPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeSyncAgentPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeEnableDelegationPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeManageVolumePrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeImpersonatePrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: SeCreateGlobalPrivilege	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 31	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 32	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 33	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 34	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 35	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 36	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 37	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 38	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 39	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 40	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 41	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 42	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 43	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 44	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 45	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 46	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 47	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
Token: 48	1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
1540	56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe

C:\Users\Admin\AppData\Local\Temp\56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe
"C:\Users\Admin\AppData\Local\Temp\56bc69e97ec05d03f10527e16843a47dcc7ec19f2fb789e03197700e9a584f2e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1540-1-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/1540-8-0x0000000002880000-0x0000000002981000-memory.dmp

Filesize
1.0MB

Download
memory/1540-9-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads