bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf

Analysis

max time kernel
136s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2023, 09:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Size

4.4MB
MD5

624e46126c86ceffdfcdaa068599dad0
SHA1

c4ee112a4f53f208287f5cc44fb245dc460df4d1
SHA256

bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf
SHA512

541f78397e13d6eb32d6ba5193b428b5e5525a1cfabf0638f4dd05c4974642780c64ccaa6adaa0bdbe09805e620ab83fb7261922836a68f194abcc9737243dd1
SSDEEP

49152:I3+a0xtHe6Qr9oX9GVuMQkW05wWQALv2zzY8qwMGCh2QEikgSs:m+aCtHerr9otGMMQkt5wxALv2zzYtj7b

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 1	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeCreateTokenPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeAssignPrimaryTokenPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeLockMemoryPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeIncreaseQuotaPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeMachineAccountPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeTcbPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeSecurityPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeTakeOwnershipPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeLoadDriverPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeSystemProfilePrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeSystemtimePrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeProfSingleProcessPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeIncBasePriorityPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeCreatePagefilePrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeCreatePermanentPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeBackupPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeRestorePrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeShutdownPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeDebugPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeAuditPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeSystemEnvironmentPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeChangeNotifyPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeRemoteShutdownPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeUndockPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeSyncAgentPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeEnableDelegationPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeManageVolumePrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeImpersonatePrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: SeCreateGlobalPrivilege	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 31	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 32	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 33	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 34	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 35	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 36	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 37	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 38	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 39	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 40	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 41	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 42	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 43	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 44	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 45	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 46	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 47	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
Token: 48	4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
4640	bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe

C:\Users\Admin\AppData\Local\Temp\bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe
"C:\Users\Admin\AppData\Local\Temp\bd5035a2fa2508cd62201c58e99bd05d83addaa08444d3806451ac82b24a79cf.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4640-0-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/4640-7-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads