6bcae54165388baf4e7b7cc5adbd4a2a6f1174eaffc3e5d7d7b6aa7013718e7a | Triage

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 08:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a35c0608e4a4cc562442f2f291842c4a.exe
Size

91KB
MD5

a35c0608e4a4cc562442f2f291842c4a
SHA1

a1218d7beab0423feab0d116e46416870d9fa963
SHA256

6bcae54165388baf4e7b7cc5adbd4a2a6f1174eaffc3e5d7d7b6aa7013718e7a
SHA512

04a6ffd3b3a3f410e0a02e580d7bfe541709a63de4bc246c46966666e5ff06fb9c853af776fff42c157a8520e1863f7e169c3b5d329e7097eb7ea766f2a31114
SSDEEP

1536:CGwtRxOBJyypgmDjVwCfIAIYfGJmIMWtEMfgjtEFA:vwtRonyypexoiNtxYGA

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2556	a35c0608e4a4cc562442f2f291842c4a.exe
2556	a35c0608e4a4cc562442f2f291842c4a.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2556	a35c0608e4a4cc562442f2f291842c4a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2556	a35c0608e4a4cc562442f2f291842c4a.exe

C:\Users\Admin\AppData\Local\Temp\a35c0608e4a4cc562442f2f291842c4a.exe
"C:\Users\Admin\AppData\Local\Temp\a35c0608e4a4cc562442f2f291842c4a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2556-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2556-1-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download