e6d7f37d1451b09717407d43c7e71b614aa956617b66c855b6a7759d763d2952 | Triage

Analysis

max time kernel
10s
max time network
25s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:18

Sharing

Report Analysis Logs

General

Target

017c8397f10e7b5baa1b4dce4238efd1.exe
Size

3KB
MD5

017c8397f10e7b5baa1b4dce4238efd1
SHA1

7dfefb900910deb39b38496179a7615fb3b610a3
SHA256

e6d7f37d1451b09717407d43c7e71b614aa956617b66c855b6a7759d763d2952
SHA512

93354a6c3756562c648d492753c6a6a065e36b6f00d1974a9c38c684cb76a012a3699da9fe489e1b50817c42794d07b7570ad31a3a497bb149f5c39ff551ddc5

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe
1824	017c8397f10e7b5baa1b4dce4238efd1.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeSystemtimePrivilege	1824	017c8397f10e7b5baa1b4dce4238efd1.exe
Token: SeDebugPrivilege	1824	017c8397f10e7b5baa1b4dce4238efd1.exe
Token: SeSystemtimePrivilege	1824	017c8397f10e7b5baa1b4dce4238efd1.exe

C:\Users\Admin\AppData\Local\Temp\017c8397f10e7b5baa1b4dce4238efd1.exe
"C:\Users\Admin\AppData\Local\Temp\017c8397f10e7b5baa1b4dce4238efd1.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1824

C:\Windows\System32\Upfc.exe
C:\Windows\System32\Upfc.exe /launchtype periodic /cv jiftRZl/eUOhFl3svkEgzg.0
1⤵
PID:1064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1824-0-0x0000000000400000-0x0000000000400DA0-memory.dmp

Filesize
3KB

Download