719fb87279e6e34b87927d9371094a34371195cf890205e529c12368183a745f | Triage

Resubmissions

25/01/2024, 22:17

240125-17nr2shdhp 3

25/01/2024, 22:09

240125-12zmcshdbj 3

Analysis

max time kernel
30s
max time network
30s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 22:17

Sharing

Report Analysis Logs

General

Target

EraFn_1.exe
Size

85KB
MD5

03d95e6635b58c29aac763af2c438672
SHA1

799ad513ef379aa9d1266f12e1ab80a7b46dcb2d
SHA256

719fb87279e6e34b87927d9371094a34371195cf890205e529c12368183a745f
SHA512

863da47ee713fd0a1452a5985fb741f0c4be937703bfa5201cfb8d86eded07bcbe5725846ce708def4e25b6dc2bf646b432ac06b5df4e6935d76ca3c88ffae6c
SSDEEP

1536:Wbk4bSMPrphSHSFXseDG7g14B185bh6hHX5Ou/JeeK2J:abKHSFXtGg8s6hHXl/JeeK2J

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3636	EraFn_1.exe

C:\Users\Admin\AppData\Local\Temp\EraFn_1.exe
"C:\Users\Admin\AppData\Local\Temp\EraFn_1.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3636-0-0x0000025193F80000-0x0000025193F81000-memory.dmp

Filesize
4KB

Download