5afb01cf9eeec5f1a72dd74355090452920b222efb4ea9bcf391a8dbf3843ad5 | Triage

Resubmissions

23/01/2024, 22:53

240123-2t11wscbe9 5

23/01/2024, 22:47

240123-2qmdbsbgen 4

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 22:53

Sharing

Report Analysis Logs

General

Target

PDFSuperHero.exe
Size

4.9MB
MD5

0b41df409946ee29b1204070b0345644
SHA1

66098385dd358993899714860e5dc103127963e7
SHA256

4210bd4762062676cfa261855cf15927e75d7f5d603daf1706b90db4887e9606
SHA512

a8434d439fca4d9da0d147c93cb04d44a04f6a93416ad3a59c8aa86b8832aaedd90065354bb6edd3b6ed4f04ed7d2a13b305786a3dcfa1f75f667fdb24fc2c86
SSDEEP

49152:CqepDZ6KxlsiYJuONuAlrXKGRV6FFkWKxlsiYJuONuAlrXKGRV6FFk4wJbnfUqAM:iRZSwmc

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2932	PDFSuperHero.exe

C:\Users\Admin\AppData\Local\Temp\PDFSuperHero.exe
"C:\Users\Admin\AppData\Local\Temp\PDFSuperHero.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2932-0-0x0000000074290000-0x000000007497E000-memory.dmp

Filesize
6.9MB

Download
memory/2932-1-0x0000000000930000-0x0000000000E0E000-memory.dmp

Filesize
4.9MB

Download
memory/2932-4-0x0000000004F20000-0x0000000004F60000-memory.dmp

Filesize
256KB

Download
memory/2932-5-0x0000000074290000-0x000000007497E000-memory.dmp

Filesize
6.9MB

Download