Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 14/03/2024, 11:51
Static task: static1
Behavioral task: behavioral1
  Sample: 瞓4.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 瞓4.exe
  Resource: win10v2004-20231215-en
General
Target: 瞓4.exe
Size: 2.1MB
MD5: e79b8afcf84ca71086f9382e5f9d78e0
SHA1: 6932b5019fc9364ad38aaefe65722c16c720519e
SHA256: 60d7ac25ea2deba9677b304cd2cee4cd594ce1fd471c59f69541693a64829d78
SHA512: 64ac2f25849c0acb5ab67d03b5d713ed769e3868f4e367457c4dd3c9af05b3cbf4d0591e64717a9aca4a8ee1a7f6cb61be6a22639739bb2dfe9acd40e6154106
SSDEEP: 24576:aDapgTHBErT1Vyk4xpsZ/SvfG5VMhcLcEI4PqsCfcweEXCHBIZ040Q5Uv+EinI:amb4qMZp4PqtKEXChrQm+I
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (49 IoCs)
description                            pid   Process
Token: SeDebugPrivilege                2328  瞓4.exe
Token: 1                               2328  瞓4.exe
Token: SeCreateTokenPrivilege          2328  瞓4.exe
Token: SeAssignPrimaryTokenPrivilege   2328  瞓4.exe
Token: SeLockMemoryPrivilege           2328  瞓4.exe
Token: SeIncreaseQuotaPrivilege        2328  瞓4.exe
Token: SeMachineAccountPrivilege       2328  瞓4.exe
Token: SeTcbPrivilege                  2328  瞓4.exe
Token: SeSecurityPrivilege             2328  瞓4.exe
Token: SeTakeOwnershipPrivilege        2328  瞓4.exe
Token: SeLoadDriverPrivilege           2328  瞓4.exe
Token: SeSystemProfilePrivilege        2328  瞓4.exe
Token: SeSystemtimePrivilege           2328  瞓4.exe
Token: SeProfSingleProcessPrivilege    2328  瞓4.exe
Token: SeIncBasePriorityPrivilege      2328  瞓4.exe
Token: SeCreatePagefilePrivilege       2328  瞓4.exe
Token: SeCreatePermanentPrivilege      2328  瞓4.exe
Token: SeBackupPrivilege               2328  瞓4.exe
Token: SeRestorePrivilege              2328  瞓4.exe
Token: SeShutdownPrivilege             2328  瞓4.exe
Token: SeDebugPrivilege                2328  瞓4.exe
Token: SeAuditPrivilege                2328  瞓4.exe
Token: SeSystemEnvironmentPrivilege    2328  瞓4.exe
Token: SeChangeNotifyPrivilege         2328  瞓4.exe
Token: SeRemoteShutdownPrivilege       2328  瞓4.exe
Token: SeUndockPrivilege               2328  瞓4.exe
Token: SeSyncAgentPrivilege            2328  瞓4.exe
Token: SeEnableDelegationPrivilege     2328  瞓4.exe
Token: SeManageVolumePrivilege         2328  瞓4.exe
Token: SeImpersonatePrivilege          2328  瞓4.exe
Token: SeCreateGlobalPrivilege         2328  瞓4.exe
Token: 31                              2328  瞓4.exe
Token: 32                              2328  瞓4.exe
Token: 33                              2328  瞓4.exe
Token: 34                              2328  瞓4.exe
Token: 35                              2328  瞓4.exe
Token: 36                              2328  瞓4.exe
Token: 37                              2328  瞓4.exe
Token: 38                              2328  瞓4.exe
Token: 39                              2328  瞓4.exe
Token: 40                              2328  瞓4.exe
Token: 41                              2328  瞓4.exe
Token: 42                              2328  瞓4.exe
Token: 43                              2328  瞓4.exe
Token: 44                              2328  瞓4.exe
Token: 45                              2328  瞓4.exe
Token: 46                              2328  瞓4.exe
Token: 47                              2328  瞓4.exe
Token: 48                              2328  瞓4.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid   Process
2328  瞓4.exe
2328  瞓4.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 32B
MD5: 1b42b5673d8cc2c9c86b9aa1e19e9597
SHA1: 82ab224cbb11e3ad6a4e1b181a3e6caa09e7d081
SHA256: 8726fbc85eb8110c869e8f8e1b0d09eeb9be88925877d2b5ddcc10d16d184e21
SHA512: f1ac229fb8b58b2f7d2d93394d7e34c8a69bd0d5bb9fc86154789b434391fcccd101a5e09b993c4760b9352e46e2dccac6ee645f560f9fe4e2cf6611099ee289