Analysis
max time kernel: 7s
platform: windows11-21h2_x64
resource: win11-20240412-en
resource tags: arch:x64 arch:x86 image:win11-20240412-en locale:en-us os:windows11-21h2-x64 system
submitted: 19/04/2024, 19:09
Static task
static1
Behavioral task
behavioral1
Sample
ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe
Resource
win10v2004-20240412-en
General
Target: ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe
Size: 4.2MB
MD5: 5311a52bcdf3090e008cf1037b16dcfb
SHA1: ea62b83066547331b96b6d43330ab31e4a0a346b
SHA256: ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f
SHA512: 1000390bc85496f6c4b72802c5220a64e0b08dc137b6cfc231b9439b2cef6396adb2de451b77482f56a4982986e29c35c92e6eadd6c93274428e53df7141d3ef
SSDEEP: 98304:BqrB5wn4OMCZOc7+DuxcvwRwKkZb9A25YIHnzSUGXdTRu1L6e:uBo4d4+DucuGBGNT0Lb
Malware Config
Signatures
-
Glupteba payload 6 IoCs
resource yara_rule
behavioral2/memory/4836-2-0x00000000041C0000-0x0000000004AAB000-memory.dmp family_glupteba
behavioral2/memory/4836-3-0x0000000000400000-0x0000000001DFD000-memory.dmp family_glupteba
behavioral2/memory/384-53-0x0000000004110000-0x00000000049FB000-memory.dmp family_glupteba
behavioral2/memory/384-55-0x0000000000400000-0x0000000001DFD000-memory.dmp family_glupteba
behavioral2/memory/4836-57-0x00000000041C0000-0x0000000004AAB000-memory.dmp family_glupteba
behavioral2/memory/4836-80-0x0000000000400000-0x0000000001DFD000-memory.dmp family_glupteba
Drops file in System32 directory 2 IoCs
description ioc Process
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive powershell.exe
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log powershell.exe
Modifies data under HKEY_USERS 64 IoCs
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process
2536 powershell.exe
2536 powershell.exe
4836 ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe
4836 ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe
564 powershell.exe
564 powershell.exe
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process
Token: SeDebugPrivilege 2536 powershell.exe
Token: SeDebugPrivilege 4836 ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe
Token: SeImpersonatePrivilege 4836 ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe
Token: SeDebugPrivilege 564 powershell.exe
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target
PID 4836 wrote to memory of 2536 4836 ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe 80
PID 4836 wrote to memory of 2536 4836 ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe 80
PID 4836 wrote to memory of 2536 4836 ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe 80
PID 384 wrote to memory of 564 384 ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe 86
PID 384 wrote to memory of 564 384 ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe 86
PID 384 wrote to memory of 564 384 ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe 86
Processes
C:\Users\Admin\AppData\Local\Temp\ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe"
Depth: 1
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID: 4836
    C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    Command line: powershell -nologo -noprofile
    Depth: 2
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID: 2536
    C:\Users\Admin\AppData\Local\Temp\ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ed1e43837f870a624b43c913f2bcd40a0f7e5f7699b4e139facb5039652b743f.exe"
    Depth: 2
    - Modifies data under HKEY_USERS
    - Suspicious use of WriteProcessMemory
    PID: 384
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        Command line: powershell -nologo -noprofile
        Depth: 3
        - Drops file in System32 directory
        - Modifies data under HKEY_USERS
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken
        PID: 564
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 60B
MD5: d17fe0a3f47be24a6453e9ef58c94641
SHA1: 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256: 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512: 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82