a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2025, 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
Size

1.3MB
MD5

e566f246b784797b9a64b3642e5da1ee
SHA1

a1d54363e65b5a7be1ee8328bd0f131fc256176a
SHA256

a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b
SHA512

8df5e8451e185d4137eab733067932b27e5faa22d29740fa7897d988ad636ee944272d4d71eed5482cd25cb172ca79e8b6f49ac2b3ea755873e5aad944776f4b
SSDEEP

24576:S4jmC0iCNP4XHS4RkHN9vvAEoDSp9pTcQebJ7K:znCpgy4QN9vh9pTfeV7K

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2928	a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe

C:\Users\Admin\AppData\Local\Temp\a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe
"C:\Users\Admin\AppData\Local\Temp\a79ff68af2cec6f5665fed6a0ea0b75b3afd4b1540f5cb1ff70e457bf623775b.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2928-0-0x00007FF81EDB3000-0x00007FF81EDB5000-memory.dmp

Filesize
8KB

Download
memory/2928-1-0x00000211D8CA0000-0x00000211D8CDE000-memory.dmp

Filesize
248KB

Download
memory/2928-2-0x00007FF81EDB0000-0x00007FF81F871000-memory.dmp

Filesize
10.8MB

Download
memory/2928-5-0x00007FF81EDB0000-0x00007FF81F871000-memory.dmp

Filesize
10.8MB

Download
memory/2928-6-0x00007FF81EDB0000-0x00007FF81F871000-memory.dmp

Filesize
10.8MB

Download
memory/2928-8-0x00007FF81EDB0000-0x00007FF81F871000-memory.dmp

Filesize
10.8MB

Download
memory/2928-18-0x00007FF81EDB3000-0x00007FF81EDB5000-memory.dmp

Filesize
8KB

Download
memory/2928-19-0x00007FF81EDB0000-0x00007FF81F871000-memory.dmp

Filesize
10.8MB

Download
memory/2928-20-0x00007FF81EDB0000-0x00007FF81F871000-memory.dmp

Filesize
10.8MB

Download
memory/2928-21-0x00007FF81EDB0000-0x00007FF81F871000-memory.dmp

Filesize
10.8MB

Download
memory/2928-22-0x00007FF81EDB0000-0x00007FF81F871000-memory.dmp

Filesize
10.8MB

Download