5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16/12/2024, 14:09 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Size

302KB
MD5

a9502d407c7a3e0c43ad669c27638793
SHA1

bf0b7815c6dac82643a5bf7bd397a6aa58a9e803
SHA256

5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135
SHA512

0dbe8772ded05ba2c67ea7a7e9bc291b76d8b73dbab86a35fca5b1138be41c2ee7a54333fcd7bf58823ab3b5f1f6250b98b829ca0c367cafb2176350f5454d25
SSDEEP

6144:mJNMAvoYumDMaLVA/HmH6iWmL/M+VK0lNSOBYJ0tYRVxGGPTY:HAvoYumDHVA/m9WmLlVK0lNQHPTY

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Users\\Admin\\AppData\\Roaming\\AB53C5B5C9C12778904926\\AB53C5B5C9C12778904926.exe"	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeSecurityPrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeTakeOwnershipPrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeLoadDriverPrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeSystemProfilePrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeSystemtimePrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeProfSingleProcessPrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeIncBasePriorityPrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeCreatePagefilePrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeBackupPrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeRestorePrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeShutdownPrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeDebugPrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeSystemEnvironmentPrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeRemoteShutdownPrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeUndockPrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: SeManageVolumePrivilege	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: 33	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: 34	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
Token: 35	2224	5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe

C:\Users\Admin\AppData\Local\Temp\5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe
"C:\Users\Admin\AppData\Local\Temp\5f3cd8392c045a321ccf0ede6f38a4016a236f257d0a6ab897bf7f3e21868135.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.