2de0849e81686ef91ab4dfca1c589247c7d8edb937051b2dd3d4b9f16c8cb3fc | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-de
resource tags

arch:x64arch:x86image:win7-20240221-delocale:de-deos:windows7-x64systemwindows
submitted
15-04-2024 06:33

Sharing

Report Analysis Logs

General

Target

tftpd32.exe
Size

331KB
MD5

733ed472edbba6fccff0a74882cd6b51
SHA1

8b143ab4d83e94026bea4ed91db235a72ff9ac62
SHA256

c270ebd42ac19805f58bda8a0a34898add80cdaff3594038c3c9b47fdb0fa06a
SHA512

efcf4cef164009b54cda6d3c78a60954440c8655ed1c9b5eae9535d4129234f14dbd05938c57039edb39e277a44908b17c1859b77d09d4d9926fbd7cda617a4d
SSDEEP

6144:f7dNxvTgwFHnSLeKyQ8SRFWv+ERVQTx6/wTAb0TWoTfRIw4Sr+:fZPDlnSLKSRk+ER+Tx68Amf4E+

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

tftpd32.exe

description pid process

Token: 33 1872 tftpd32.exe
Token: SeIncBasePriorityPrivilege 1872 tftpd32.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

tftpd32.exe

pid process

1872 tftpd32.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

tftpd32.exe

pid process

1872 tftpd32.exe

C:\Users\Admin\AppData\Local\Temp\tftpd32.exe
"C:\Users\Admin\AppData\Local\Temp\tftpd32.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads