3278a693d0105143a9b45d585aa0e50bd9ffaa45a069c03a73ff0021a5ffc404 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:54

Sharing

Report Analysis Logs

General

Target

03ba214c86a77a48ea88d4e00536eb98.exe
Size

91KB
MD5

03ba214c86a77a48ea88d4e00536eb98
SHA1

0cf7a0226a13ec9514e9e9f2bed715c9cc406158
SHA256

3278a693d0105143a9b45d585aa0e50bd9ffaa45a069c03a73ff0021a5ffc404
SHA512

1d850a18d7559751c80d9db6a4bf231f0e849eaca341174bec016858df62f9d61e5beb63157db2e1bef180ac7c678d5a6bcaa58a98baf9d64a14a6c62d7e50f4
SSDEEP

1536:EGwtRxOBJyypgmDjVwCfIAIYfGJmIMWtEMfgjtEFvG:NwtRonyypexoiNtxYGe

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2824	03ba214c86a77a48ea88d4e00536eb98.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2824	03ba214c86a77a48ea88d4e00536eb98.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2824	03ba214c86a77a48ea88d4e00536eb98.exe

C:\Users\Admin\AppData\Local\Temp\03ba214c86a77a48ea88d4e00536eb98.exe
"C:\Users\Admin\AppData\Local\Temp\03ba214c86a77a48ea88d4e00536eb98.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads