Overview

overview

10

Static

static

10

a3e1c473b7...ab.exe

windows7-x64

1

a3e1c473b7...ab.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-10-2023 22:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a3e1c473b7058c5b9437d48ae38be08439010c9528c737c3a17c6659fe2c5fab.exe

  • Size

    1.3MB

  • MD5

    23b8cc582029f632d063baa27cef11b1

  • SHA1

    6a365208487ef1c2589d184d8f9b048b2950711f

  • SHA256

    a3e1c473b7058c5b9437d48ae38be08439010c9528c737c3a17c6659fe2c5fab

  • SHA512

    e440b9de9a70d2d036469edbf0a5616b658a74732c4890da72d81c8a7ecdc61a4a41b1fa63a726a11a41d425209d888752f54de36331dc4e2ef51059b1115ddf

  • SSDEEP

    24576:nqrLkcs3MQQAlMe+bW+0coxfUrNvDSVXT5XRTm7Oya:ekPMbAye5nUr2XT5X2O1

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a3e1c473b7058c5b9437d48ae38be08439010c9528c737c3a17c6659fe2c5fab.exe
    "C:\Users\Admin\AppData\Local\Temp\a3e1c473b7058c5b9437d48ae38be08439010c9528c737c3a17c6659fe2c5fab.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1680-0-0x000002B10BBF0000-0x000002B10BC24000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1680-1-0x00007FFD7AD90000-0x00007FFD7B851000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1680-2-0x000002B124730000-0x000002B124740000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1680-3-0x000002B124730000-0x000002B124740000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1680-4-0x00007FFD7AD90000-0x00007FFD7B851000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1680-5-0x000002B124730000-0x000002B124740000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1680-6-0x000002B124730000-0x000002B124740000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1680-7-0x000002B124730000-0x000002B124740000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1680-8-0x000002B124730000-0x000002B124740000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1680-9-0x000002B124730000-0x000002B124740000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1680-10-0x000002B126060000-0x000002B126068000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1680-11-0x000002B1262F0000-0x000002B126328000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1680-12-0x000002B126080000-0x000002B12608E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1680-13-0x000002B124730000-0x000002B124740000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1680-15-0x00007FFD7AD90000-0x00007FFD7B851000-memory.dmp

    Filesize

    10.8MB

    Download