ed1955afd366883d385daa15c374cbe662b5b864c057c95d54a56f568fd6c2e3 | Triage

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 23:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Pparetcoju.exe
Size

50KB
MD5

3c7c178a8a7e772f7e6b370ec7ec3253
SHA1

f718a2f84876b63d98106478b298600fab739778
SHA256

ed1955afd366883d385daa15c374cbe662b5b864c057c95d54a56f568fd6c2e3
SHA512

04ec53d7c9045f018e1f6b215dc6ca9b01b6f41b43bfd1b69eaf40ed16c91efe8dab2a04970b3bb6a574ef9293792ae755ecd2118e15ff76e1ea3e22630b4bd4
SSDEEP

1536:BKuX41kZy1C0faryvyiZndy3Gnn8aAyfx:+1EyJir5kndEGnnjpx

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4692	Pparetcoju.exe

C:\Users\Admin\AppData\Local\Temp\Pparetcoju.exe
"C:\Users\Admin\AppData\Local\Temp\Pparetcoju.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4692-0-0x000001E081150000-0x000001E081160000-memory.dmp

Filesize
64KB

Download
memory/4692-1-0x00007FFB02160000-0x00007FFB02C21000-memory.dmp

Filesize
10.8MB

Download
memory/4692-2-0x000001E081500000-0x000001E081506000-memory.dmp

Filesize
24KB

Download
memory/4692-3-0x00007FFB02160000-0x00007FFB02C21000-memory.dmp

Filesize
10.8MB

Download