63b2109d651e58bdceb6dcd68821e723f4a5ce45875405cf395ff04937ea26b8

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Size

3.8MB
MD5

9f17d0e9bc37b8d8f59a92b9ee6e0ff7
SHA1

a881aeb52537a065cb93a781c47a7aedd1d52bad
SHA256

bd78488c88c8843888932c93f1ee8e976732cc08b3e98cabcd1ecec9d9ff48cd
SHA512

355d44470d6df39afa5f742d7086487065eeb0b27750043610f425fd647cd8510ea1afd0d7e0cfb2bd44a40f266ef01416c7e95ec2c11c4244a36d4a3698fe8c
SSDEEP

24576:k2ccX+yJ90eA5O0hqlNuh1nycJMe1ZlKzzRjGvwq3uXWhdecRtzADcinyyzq2y1y:yeNllM7ycyyy9Ce2s7g7Jn1o

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
21	raw.githubusercontent.com
22	raw.githubusercontent.com

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeDebugPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: 33	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
Token: SeIncBasePriorityPrivilege	2328	9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe

C:\Users\Admin\AppData\Local\Temp\9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe
"C:\Users\Admin\AppData\Local\Temp\9f17d0e9bc37b8d8f59a92b9ee6e0ff7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2328-0-0x00007FF967D33000-0x00007FF967D35000-memory.dmp

Filesize
8KB

Download
memory/2328-1-0x0000000000520000-0x00000000008F0000-memory.dmp

Filesize
3.8MB

Download
memory/2328-2-0x000000001B650000-0x000000001B836000-memory.dmp

Filesize
1.9MB

Download
memory/2328-3-0x00007FF967D30000-0x00007FF9687F1000-memory.dmp

Filesize
10.8MB

Download
memory/2328-4-0x00000000012F0000-0x0000000001302000-memory.dmp

Filesize
72KB

Download
memory/2328-5-0x000000001E110000-0x000000001E14C000-memory.dmp

Filesize
240KB

Download
memory/2328-7-0x00007FF967D30000-0x00007FF9687F1000-memory.dmp

Filesize
10.8MB

Download
memory/2328-8-0x00007FF967D30000-0x00007FF9687F1000-memory.dmp

Filesize
10.8MB

Download
memory/2328-9-0x00007FF967D33000-0x00007FF967D35000-memory.dmp

Filesize
8KB

Download
memory/2328-10-0x00007FF967D30000-0x00007FF9687F1000-memory.dmp

Filesize
10.8MB

Download
memory/2328-11-0x000000001BB30000-0x000000001BCD9000-memory.dmp

Filesize
1.7MB

Download
memory/2328-12-0x00007FF967D30000-0x00007FF9687F1000-memory.dmp

Filesize
10.8MB

Download
memory/2328-13-0x00007FF967D30000-0x00007FF9687F1000-memory.dmp

Filesize
10.8MB

Download
memory/2328-16-0x00007FF967D30000-0x00007FF9687F1000-memory.dmp

Filesize
10.8MB

Download
memory/2328-18-0x00007FF967D30000-0x00007FF9687F1000-memory.dmp

Filesize
10.8MB

Download