Analysis Overview
score
6/10
SHA256
bf6da86c367afe64c5916b69100d1452ad796dbee9235be94530d1cf347b385c
Threat Level: Shows suspicious behavior
The file lowp.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Unsigned PE
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:30
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:30
Reported
2024-06-12 18:31
Platform
win11-20240611-en
Max time kernel
24s
Command Line
"C:\Users\Admin\AppData\Local\Temp\lowp.exe"
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\lowp.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\lowp.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\lowp.exe
"C:\Users\Admin\AppData\Local\Temp\lowp.exe"
Network
N/A
Files
N/A