0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa

Analysis

max time kernel
150s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
30-01-2025 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
Size

1.4MB
MD5

a34cd48b9d2a7eec315f37d00168f562
SHA1

638fe57b3c64e619a51ed6492850b7a3e1be7f0d
SHA256

0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa
SHA512

d8419138656a4a6f01c17fc6fa9cb42bf4bc8f1dbc938920eb0db69a5045a195b59317518c36574d3a01df51c54499d4d9f73cb8fd96a60259e59f6f931199b3
SSDEEP

24576:8tFS4j1cVPdZ8bBHeNxfMCrMhvHyZkno8DSdAqKWbJ7u:eriVabB+NeCANRofV7u

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1804	0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe

C:\Users\Admin\AppData\Local\Temp\0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe
"C:\Users\Admin\AppData\Local\Temp\0cbe2e2934947cf59350af1aa8faaacc26f2a08acb8a1b753dcd2e680bb2f7aa.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1804-0-0x00007FF9586A3000-0x00007FF9586A5000-memory.dmp

Filesize
8KB

Download
memory/1804-1-0x00000236CE650000-0x00000236CE68E000-memory.dmp

Filesize
248KB

Download
memory/1804-2-0x00007FF9586A0000-0x00007FF959161000-memory.dmp

Filesize
10.8MB

Download
memory/1804-5-0x00007FF9586A0000-0x00007FF959161000-memory.dmp

Filesize
10.8MB

Download
memory/1804-6-0x00007FF9586A0000-0x00007FF959161000-memory.dmp

Filesize
10.8MB

Download
memory/1804-8-0x00007FF9586A0000-0x00007FF959161000-memory.dmp

Filesize
10.8MB

Download
memory/1804-20-0x00007FF9586A3000-0x00007FF9586A5000-memory.dmp

Filesize
8KB

Download
memory/1804-21-0x00007FF9586A0000-0x00007FF959161000-memory.dmp

Filesize
10.8MB

Download
memory/1804-22-0x00007FF9586A0000-0x00007FF959161000-memory.dmp

Filesize
10.8MB

Download
memory/1804-23-0x00007FF9586A0000-0x00007FF959161000-memory.dmp

Filesize
10.8MB

Download
memory/1804-24-0x00007FF9586A0000-0x00007FF959161000-memory.dmp

Filesize
10.8MB

Download
memory/1804-25-0x00007FF9586A0000-0x00007FF959161000-memory.dmp

Filesize
10.8MB

Download
memory/1804-26-0x00007FF9586A0000-0x00007FF959161000-memory.dmp

Filesize
10.8MB

Download