d18019064e5903dcf7c29921c10a7a90176cccd55d9cf3ba1e3e9805c1364df1 | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/04/2024, 01:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

pgsql.exe
Size

6.7MB
MD5

dc17be1cd14d4671be693887310c64a1
SHA1

a6b37e239aaed421ffac023406483d2c8a14e932
SHA256

d18019064e5903dcf7c29921c10a7a90176cccd55d9cf3ba1e3e9805c1364df1
SHA512

3831c54dc8aa80c6e7ed69142c2e5a285838a3f0b81367920cfdc66f104d8484814b1ec582035f2f2a7f18869186e617ad44c2c2f23b92be51bd18ee97b440a3
SSDEEP

49152:5kBvM7sEnhrb/TMvO90d7HjmAFd4A64nsfJebrZtrttwUIQFAO167pHWnp3SJNC+:tgrzwUnp0z/EOnrG6

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2328	pgsql.exe

C:\Users\Admin\AppData\Local\Temp\pgsql.exe
"C:\Users\Admin\AppData\Local\Temp\pgsql.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2328-0-0x000000013F480000-0x000000013FB95000-memory.dmp

Filesize
7.1MB

Download