Analysis
-
max time kernel
300s -
max time network
307s -
platform
windows10-1703_x64 -
resource
win10-20240221-en -
resource tags
arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system -
submitted
26-02-2024 11:55
Behavioral task
behavioral1
Sample
mjed.exe
Resource
win10-20240221-en
3 signatures
300 seconds
General
-
Target
mjed.exe
-
Size
27KB
-
MD5
ccd138adfd7b6c7806ebf5a69fb0ec5d
-
SHA1
7173bca3c26c25d3948ed8dce5607797500ac3ae
-
SHA256
9b01b990c37f143b763b4dda75f54a9bff6f916bcee6af8ea7cec7be0481e4b5
-
SHA512
bcfd77b0f35db7774a4c95ad91f6dd597afd9913139ce2bc9b3bcc013ba5fff74160c71cccd8cdaf240df4f1386bcec7504402488f2408903a8baa3aea479136
-
SSDEEP
384:oLam4PanO4Y7pcdYGiTOCsPodxxM2AQk93vmhm7UMKmIEecKdbXTzm9bVhcaQ601:W63vc7OQ2A/vMHTi9bD
Score
7/10
Malware Config
Signatures
-
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk mjed.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe Token: SeIncBasePriorityPrivilege 2028 mjed.exe Token: 33 2028 mjed.exe