df7fd074765221bd5b035ee410ea7ffd98b77a7bb53214a6c8b8a1fb07064271

Analysis

max time kernel
141s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df7fd074765221bd5b035ee410ea7ffd98b77a7bb53214a6c8b8a1fb07064271.exe
Size

9.8MB
MD5

ec9e7e5fea4e76e6c84a9141989bfbe0
SHA1

0738dd017dfd97eeec757c8567725d96226c97be
SHA256

df7fd074765221bd5b035ee410ea7ffd98b77a7bb53214a6c8b8a1fb07064271
SHA512

1fd71022143bbd91f20fc9a4f513b1ab89c83c507224dc89d8f5caa5b277858c14a3b3636034fffde19bb99b0a5aaf7e6027a8b2d6b685fc7a8199728f075536
SSDEEP

196608:dPGS2f3d3reKfTknINTJZn8Wsx8YLkWurkounKGg9N0LM265mU7DKRkiOS/F:Q3dePnOn8WsWYLwPunq0LC5URt9

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

df7fd074765221bd5b035ee410ea7ffd98b77a7bb53214a6c8b8a1fb07064271.exe

pid	process
540	df7fd074765221bd5b035ee410ea7ffd98b77a7bb53214a6c8b8a1fb07064271.exe
540	df7fd074765221bd5b035ee410ea7ffd98b77a7bb53214a6c8b8a1fb07064271.exe
540	df7fd074765221bd5b035ee410ea7ffd98b77a7bb53214a6c8b8a1fb07064271.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

df7fd074765221bd5b035ee410ea7ffd98b77a7bb53214a6c8b8a1fb07064271.exe

description pid process

Token: SeDebugPrivilege 540 df7fd074765221bd5b035ee410ea7ffd98b77a7bb53214a6c8b8a1fb07064271.exe

description	pid	process
Token: SeDebugPrivilege	540	df7fd074765221bd5b035ee410ea7ffd98b77a7bb53214a6c8b8a1fb07064271.exe

C:\Users\Admin\AppData\Local\Temp\df7fd074765221bd5b035ee410ea7ffd98b77a7bb53214a6c8b8a1fb07064271.exe
"C:\Users\Admin\AppData\Local\Temp\df7fd074765221bd5b035ee410ea7ffd98b77a7bb53214a6c8b8a1fb07064271.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/540-0-0x00007FFBBBDC3000-0x00007FFBBBDC5000-memory.dmp

Filesize
8KB

Download
memory/540-1-0x000001BF50770000-0x000001BF51140000-memory.dmp

Filesize
9.8MB

Download
memory/540-2-0x000001BF51510000-0x000001BF51556000-memory.dmp

Filesize
280KB

Download
memory/540-3-0x00007FFBBBDC0000-0x00007FFBBC881000-memory.dmp

Filesize
10.8MB

Download
memory/540-5-0x000001BF52D30000-0x000001BF52D3C000-memory.dmp

Filesize
48KB

Download
memory/540-4-0x000001BF52D20000-0x000001BF52D28000-memory.dmp

Filesize
32KB

Download
memory/540-7-0x000001BF52DE0000-0x000001BF52DE8000-memory.dmp

Filesize
32KB

Download
memory/540-6-0x000001BF52D50000-0x000001BF52D5A000-memory.dmp

Filesize
40KB

Download
memory/540-8-0x000001BF6CEF0000-0x000001BF6D0EC000-memory.dmp

Filesize
2.0MB

Download
memory/540-10-0x000001BF6D0F0000-0x000001BF6D0F8000-memory.dmp

Filesize
32KB

Download
memory/540-9-0x000001BF52D40000-0x000001BF52D4E000-memory.dmp

Filesize
56KB

Download
memory/540-19-0x000001BF6D3B0000-0x000001BF6D3B8000-memory.dmp

Filesize
32KB

Download
memory/540-21-0x000001BF6D3D0000-0x000001BF6D3D8000-memory.dmp

Filesize
32KB

Download
memory/540-20-0x000001BF6D3C0000-0x000001BF6D3C8000-memory.dmp

Filesize
32KB

Download
memory/540-22-0x000001BF6D3E0000-0x000001BF6D3E8000-memory.dmp

Filesize
32KB

Download
memory/540-23-0x000001BF6D3F0000-0x000001BF6D3F8000-memory.dmp

Filesize
32KB

Download
memory/540-24-0x000001BF6D400000-0x000001BF6D408000-memory.dmp

Filesize
32KB

Download
memory/540-26-0x000001BF6D3A0000-0x000001BF6D3AA000-memory.dmp

Filesize
40KB

Download
memory/540-25-0x000001BF6D410000-0x000001BF6D428000-memory.dmp

Filesize
96KB

Download
memory/540-27-0x000001BF6D430000-0x000001BF6D47C000-memory.dmp

Filesize
304KB

Download
memory/540-28-0x000001BF6D480000-0x000001BF6D488000-memory.dmp

Filesize
32KB

Download
memory/540-29-0x000001BF6D5D0000-0x000001BF6D680000-memory.dmp

Filesize
704KB

Download
memory/540-30-0x000001BF6D7F0000-0x000001BF6D7F8000-memory.dmp

Filesize
32KB

Download
memory/540-31-0x000001BF719C0000-0x000001BF719F8000-memory.dmp

Filesize
224KB

Download
memory/540-32-0x000001BF6D9B0000-0x000001BF6D9BE000-memory.dmp

Filesize
56KB

Download
memory/540-33-0x00007FFBBBDC3000-0x00007FFBBBDC5000-memory.dmp

Filesize
8KB

Download
memory/540-34-0x00007FFBBBDC0000-0x00007FFBBC881000-memory.dmp

Filesize
10.8MB

Download