Analysis Overview
SHA256
c9cacf6d96b470c632a2467dec8a706f3d7f42c0e3f3733f85cbf6dc83bb74c7
Threat Level: Shows suspicious behavior
The file lowp.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Unsigned PE
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 15:22
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 15:22
Reported
2024-06-14 15:25
Platform
win7-20240611-en
Max time kernel
11s
Max time network
4s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\lowp.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\lowp.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\lowp.exe
"C:\Users\Admin\AppData\Local\Temp\lowp.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 15:22
Reported
2024-06-14 15:23
Platform
win10v2004-20240508-en
Max time kernel
11s
Max time network
18s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\lowp.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\lowp.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\lowp.exe
"C:\Users\Admin\AppData\Local\Temp\lowp.exe"
C:\Windows\system32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} /I {000214E6-0000-0000-C000-000000000046} /X 0x401