b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
Size

1.4MB
MD5

c4a19e5bc94ef4c6619be422faf336a2
SHA1

1f5b228ba4e0d56acd7cc8b7d792aee38544c9c9
SHA256

b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794
SHA512

258c81971de62ccf664f24788ab002093b8eae228dcf7493afdf431a79198241d78561af1fb68a1bcbfde5e13b078723f57d69c68bed246acf0ddb8061727e3a
SSDEEP

24576:Ptk6/xxsyaIJQ5spHmcM7yM7leG078N8WnDSfLbJ7T:rTstyEsAcMmM7lV078N8WELV7T

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2224	b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe

C:\Users\Admin\AppData\Local\Temp\b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe
"C:\Users\Admin\AppData\Local\Temp\b8e4405e6d237927dae234d7c7b0da6ca63abf1c9192c86e3ddc228dff7e6794.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2224-0-0x000007FEF5F03000-0x000007FEF5F04000-memory.dmp

Filesize
4KB

Download
memory/2224-1-0x0000000000240000-0x000000000027E000-memory.dmp

Filesize
248KB

Download
memory/2224-2-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-3-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-4-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-7-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-9-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-10-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-11-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-12-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-31-0x000007FEF5F03000-0x000007FEF5F04000-memory.dmp

Filesize
4KB

Download
memory/2224-32-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-33-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-34-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-35-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-36-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-37-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download
memory/2224-38-0x000007FEF5F00000-0x000007FEF68EC000-memory.dmp

Filesize
9.9MB

Download