d18019064e5903dcf7c29921c10a7a90176cccd55d9cf3ba1e3e9805c1364df1 | Triage

Analysis

max time kernel
136s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2024, 01:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

pgsql.exe
Size

6.7MB
MD5

dc17be1cd14d4671be693887310c64a1
SHA1

a6b37e239aaed421ffac023406483d2c8a14e932
SHA256

d18019064e5903dcf7c29921c10a7a90176cccd55d9cf3ba1e3e9805c1364df1
SHA512

3831c54dc8aa80c6e7ed69142c2e5a285838a3f0b81367920cfdc66f104d8484814b1ec582035f2f2a7f18869186e617ad44c2c2f23b92be51bd18ee97b440a3
SSDEEP

49152:5kBvM7sEnhrb/TMvO90d7HjmAFd4A64nsfJebrZtrttwUIQFAO167pHWnp3SJNC+:tgrzwUnp0z/EOnrG6

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	736	pgsql.exe

C:\Users\Admin\AppData\Local\Temp\pgsql.exe
"C:\Users\Admin\AppData\Local\Temp\pgsql.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/736-0-0x00007FF6A65F0000-0x00007FF6A6D05000-memory.dmp

Filesize
7.1MB

Download