60cb7fdafe9a3f618bd5eb5f16a2d0c6c5b291ac258a296dca3f75853efa9790 | Triage

Analysis

max time kernel
94s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 16:53

Sharing

Report Analysis Logs

General

Target

NL Hybrid.exe
Size

161KB
MD5

21c4a3300721338904a0f205e4a1ab3b
SHA1

5d76cda0274c82b90f71bd356317f5654c07201a
SHA256

bdb307d8ba6a6851d320ce2127e07ee4fed51d58e3598bec8b2dc7c16139b8d8
SHA512

6a9919f673756e3854b825810df297733302d1c7749c12ff1d3207916e0f970ceeb9759ab3e22ce82f922d1c1657f2690c93db0fdfb2e6e963618eb3c8c7a1b8
SSDEEP

3072:U7LW6Pr46prwG2k5GlI1JWE9QVsxyvJyn4NTfQf1VZlhWhruNeQO:UXWJ5kICW3Jyn4if1VZfiuwQ

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1728	NL Hybrid.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1728	NL Hybrid.exe

C:\Users\Admin\AppData\Local\Temp\NL Hybrid.exe
"C:\Users\Admin\AppData\Local\Temp\NL Hybrid.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1728-0-0x00000219E4BD0000-0x00000219E4BD1000-memory.dmp

Filesize
4KB

Download