f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Size

26KB
MD5

63166f4636e5156006b25b214f8708ca
SHA1

965291a6f60d6141b76288f5de8ac8af2857b3fb
SHA256

f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e
SHA512

224710e280786a5af58ba1114dcf20a3a60b3aa75c8f9b393e76a79d673c4ba16dc8616538ef29080a66c945371aeaf4a4fb032e79c5978a6cb5a81fac3a2e3d
SSDEEP

768:XjjptCnpgZ6R//jf4nqvyj5J7BoIDbj8I:XjdtCnpgwZzDvypoIDEI

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs

Web Service

T1102

flow	ioc
68	pastebin.com
116	pastebin.com
119	pastebin.com
122	pastebin.com
123	pastebin.com
37	pastebin.com
60	pastebin.com
92	pastebin.com
109	pastebin.com
50	pastebin.com
74	pastebin.com
84	pastebin.com
86	pastebin.com
121	pastebin.com
29	pastebin.com
35	pastebin.com
55	pastebin.com
58	pastebin.com
80	pastebin.com
83	pastebin.com
87	pastebin.com
106	pastebin.com
126	pastebin.com
22	pastebin.com
40	pastebin.com
57	pastebin.com
93	pastebin.com
34	pastebin.com
81	pastebin.com
77	pastebin.com
85	pastebin.com
124	pastebin.com
66	pastebin.com
107	pastebin.com
38	pastebin.com
63	pastebin.com
117	pastebin.com
33	pastebin.com
67	pastebin.com
112	pastebin.com
113	pastebin.com
61	pastebin.com
90	pastebin.com
111	pastebin.com
114	pastebin.com
118	pastebin.com
120	pastebin.com
23	pastebin.com
36	pastebin.com
65	pastebin.com
98	pastebin.com
115	pastebin.com
59	pastebin.com
62	pastebin.com
108	pastebin.com
125	pastebin.com
39	pastebin.com
43	pastebin.com
64	pastebin.com
82	pastebin.com
110	pastebin.com
73	pastebin.com
78	pastebin.com
79	pastebin.com

Suspicious use of AdjustPrivilegeToken 37 IoCs

description	pid	Process
Token: SeDebugPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: 33	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
Token: SeIncBasePriorityPrivilege	4748	f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe

C:\Users\Admin\AppData\Local\Temp\f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe
"C:\Users\Admin\AppData\Local\Temp\f479721c75395efd183d8938a7f8491492658c5c742b73fbf2293050a2de147e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4748-0-0x00007FFFD6CD3000-0x00007FFFD6CD5000-memory.dmp

Filesize
8KB

Download
memory/4748-1-0x0000012CB4830000-0x0000012CB483C000-memory.dmp

Filesize
48KB

Download
memory/4748-2-0x00007FFFD6CD0000-0x00007FFFD7791000-memory.dmp

Filesize
10.8MB

Download
memory/4748-3-0x00007FFFD6CD3000-0x00007FFFD6CD5000-memory.dmp

Filesize
8KB

Download
memory/4748-4-0x00007FFFD6CD0000-0x00007FFFD7791000-memory.dmp

Filesize
10.8MB

Download