858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e

Analysis

max time kernel
92s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
Size

2.1MB
MD5

e2f8df394925a3e9c4539d49de0849c2
SHA1

bb27573b578c016492e6d377d3335bc1dd3961ee
SHA256

858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e
SHA512

d5fd6236f0ab1392aa9e6b44b45f6a581be4532c511a987ef1f0a90e157dd5e94045bcf076335b7ae877c39b32fad724e2f6b8e5cab9c56cfa62f2aaedbc02ea
SSDEEP

49152:RLnfchWdXmiSq+kqXfd+/9A+8ArSt+JE7fuvJuHaggq7maaR:5nflB13+kqXf0FkArS4m7osagP71aR

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3628	858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe

C:\Users\Admin\AppData\Local\Temp\858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe
"C:\Users\Admin\AppData\Local\Temp\858827d003372f417bcfb0e51880b7cc7c52377674f091eb6548cecdef95628e.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3628-0-0x00007FFAA68C3000-0x00007FFAA68C5000-memory.dmp

Filesize
8KB

Download
memory/3628-1-0x00000261E9500000-0x00000261E971C000-memory.dmp

Filesize
2.1MB

Download
memory/3628-2-0x00000261EB2F0000-0x00000261EB30A000-memory.dmp

Filesize
104KB

Download
memory/3628-3-0x00007FFAA68C0000-0x00007FFAA7381000-memory.dmp

Filesize
10.8MB

Download
memory/3628-5-0x00007FFAA68C0000-0x00007FFAA7381000-memory.dmp

Filesize
10.8MB

Download