be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
05-02-2025 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
Size

1.2MB
MD5

ce5771a05838b46f9b4c1ac4bb4341c2
SHA1

2400814d1fe48c257c11613f46344ce934985afc
SHA256

be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007
SHA512

fb8cac689bfd846fd423919f102a70ab6eaf4d0555b7d30bb728ab979e7801623767c2d84181e195136e3943fbc998920e75bc55f2908695b2bbb87d84c23ec8
SSDEEP

24576:wJWSxIVgmzVnE9pQE/5+vlj24J+yamDSVXT5XLKfE:pQIJz5EvQE/5GV+1rXT5XIE

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
Token: SeDebugPrivilege	3664	be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe

C:\Users\Admin\AppData\Local\Temp\be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe
"C:\Users\Admin\AppData\Local\Temp\be965fe5394355fed4788cba0c4ca5e1f2a39e1dfc7838265d2d486da9e25007.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3664-0-0x00000190290F0000-0x0000019029124000-memory.dmp

Filesize
208KB

Download
memory/3664-2-0x00007FF855930000-0x00007FF855B25000-memory.dmp

Filesize
2.0MB

Download
memory/3664-1-0x00007FF855930000-0x00007FF855B25000-memory.dmp

Filesize
2.0MB

Download
memory/3664-3-0x00007FF855930000-0x00007FF855B25000-memory.dmp

Filesize
2.0MB

Download
memory/3664-4-0x00007FF855930000-0x00007FF855B25000-memory.dmp

Filesize
2.0MB

Download
memory/3664-5-0x00007FF855930000-0x00007FF855B25000-memory.dmp

Filesize
2.0MB

Download
memory/3664-6-0x0000019047430000-0x0000019047438000-memory.dmp

Filesize
32KB

Download
memory/3664-8-0x00000190434D0000-0x00000190434DE000-memory.dmp

Filesize
56KB

Download
memory/3664-7-0x0000019043500000-0x0000019043538000-memory.dmp

Filesize
224KB

Download
memory/3664-21-0x00007FF855930000-0x00007FF855B25000-memory.dmp

Filesize
2.0MB

Download
memory/3664-22-0x00007FF855930000-0x00007FF855B25000-memory.dmp

Filesize
2.0MB

Download
memory/3664-23-0x00007FF855930000-0x00007FF855B25000-memory.dmp

Filesize
2.0MB

Download
memory/3664-24-0x00007FF855930000-0x00007FF855B25000-memory.dmp

Filesize
2.0MB

Download
memory/3664-25-0x00007FF855930000-0x00007FF855B25000-memory.dmp

Filesize
2.0MB

Download