6a721773d219cf641d57826ec3724c48152f23dfa441aa2b2798a778be143cb8

Analysis

max time kernel
152s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2023 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Activator/Microsoft_Toolkit_2.6.4.exe
Size

56.5MB
MD5

d77b38f887a7d6b842d05ada38a57bcc
SHA1

2b6d05f9cde75049414433994ab5482c2795086d
SHA256

99130c7385dfa35d791c21c678d1bafc009284b345261eebfeacc3baf11b1bc9
SHA512

78e8a25c5442d6619d8de81a39bcf3307acaaecb7d52aa6b2e0c24fa7b8d5897957d8bc3f4e54cb2391d3019ee203bd2e08121c852ed2c6bea4531af86a02870
SSDEEP

1572864:jbRSRkZ58dTKOx+GdgLf9GmEdfoe3Qr1BXhN8Jzy1n:jbRZHGd/4bizqn

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 29 IoCs

description	pid	Process
Token: SeDebugPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe
Token: 33	3180	Microsoft_Toolkit_2.6.4.exe
Token: SeIncBasePriorityPrivilege	3180	Microsoft_Toolkit_2.6.4.exe

C:\Users\Admin\AppData\Local\Temp\Activator\Microsoft_Toolkit_2.6.4.exe
"C:\Users\Admin\AppData\Local\Temp\Activator\Microsoft_Toolkit_2.6.4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3180-0-0x00007FFE36460000-0x00007FFE36F21000-memory.dmp

Filesize
10.8MB

Download
memory/3180-1-0x0000000000350000-0x0000000003BC8000-memory.dmp

Filesize
56.5MB

Download
memory/3180-2-0x000000001E910000-0x000000001E920000-memory.dmp

Filesize
64KB

Download
memory/3180-8-0x0000000029EA0000-0x000000002E486000-memory.dmp

Filesize
69.9MB

Download
memory/3180-10-0x000000001E910000-0x000000001E920000-memory.dmp

Filesize
64KB

Download
memory/3180-9-0x000000001E910000-0x000000001E920000-memory.dmp

Filesize
64KB

Download
memory/3180-11-0x00007FFE36460000-0x00007FFE36F21000-memory.dmp

Filesize
10.8MB

Download
memory/3180-12-0x000000001E910000-0x000000001E920000-memory.dmp

Filesize
64KB

Download
memory/3180-13-0x000000001E910000-0x000000001E920000-memory.dmp

Filesize
64KB

Download
memory/3180-14-0x000000001E910000-0x000000001E920000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads