Analysis Overview
SHA256
50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf
Threat Level: Likely benign
The file 50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf was found to be: Likely benign.
Malicious Activity Summary
Suspicious use of NtSetInformationThreadHideFromDebugger
Unsigned PE
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-26 09:55
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 09:55
Reported
2024-05-26 09:57
Platform
win7-20240215-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe | N/A |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe
"C:\Users\Admin\AppData\Local\Temp\50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 09:55
Reported
2024-05-26 09:57
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe
"C:\Users\Admin\AppData\Local\Temp\50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.189.79.40.in-addr.arpa | udp |
Files
memory/3588-0-0x0000000000400000-0x0000000000F96000-memory.dmp
memory/3588-1-0x0000000077080000-0x0000000077295000-memory.dmp