00e2cdd5f0ef6cc957649e5f4aad426e8b778c155d5f88382869e79569c3ec4d | Triage

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 22:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3e02ee72b009bbadaae1a77756e10dfd.exe
Size

10KB
MD5

3e02ee72b009bbadaae1a77756e10dfd
SHA1

77363ace6fff5e9a531ca803dc1d720476b4b5ab
SHA256

00e2cdd5f0ef6cc957649e5f4aad426e8b778c155d5f88382869e79569c3ec4d
SHA512

1e0542ea2c6dbff6dadcf6ad8370ec1204c63eb8cc805f3ae54b98cc812f5f8f661fb3e2f9fe038742a46012cb446472b85e1a52e27749d557cb8b6d09077b3f
SSDEEP

192:RU7fCfkiPfivQf4HW80JV6lD6F82cESWS+7:RefqPfivdB0J8llESWSK

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2516	3e02ee72b009bbadaae1a77756e10dfd.exe
2516	3e02ee72b009bbadaae1a77756e10dfd.exe
2516	3e02ee72b009bbadaae1a77756e10dfd.exe
2516	3e02ee72b009bbadaae1a77756e10dfd.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	2516	3e02ee72b009bbadaae1a77756e10dfd.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 1484	2516	3e02ee72b009bbadaae1a77756e10dfd.exe	88
PID 2516 wrote to memory of 1484	2516	3e02ee72b009bbadaae1a77756e10dfd.exe	88
PID 2516 wrote to memory of 1484	2516	3e02ee72b009bbadaae1a77756e10dfd.exe	88

C:\Users\Admin\AppData\Local\Temp\3e02ee72b009bbadaae1a77756e10dfd.exe
"C:\Users\Admin\AppData\Local\Temp\3e02ee72b009bbadaae1a77756e10dfd.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\3E02EE~1.EXE > nul
  2⤵
  PID:1484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads