4518bf495714b43395011e7f87aae2afc12905492b514e06f8c1dfd6d7774ab0

Analysis

max time kernel
141s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4518bf495714b43395011e7f87aae2afc12905492b514e06f8c1dfd6d7774ab0.exe
Size

9.7MB
MD5

c9cb2c8969c1f10535557afe48f67981
SHA1

012a5eae54d3c5333c1cc0e35ab9d9f0c802848c
SHA256

4518bf495714b43395011e7f87aae2afc12905492b514e06f8c1dfd6d7774ab0
SHA512

0f4ebbbd5dae93b133acac12a5a5eaf5b63beef3bce5c4212f7d86bdb4b986e58c01cb14154ee431041b7373cf7957f9549aa256bac5bc73516651fd830a22eb
SSDEEP

98304:pFhU4fZgQrxMTHjXZ7tBxU6XAXNTN/ZWWeYZLfyBlZw4+xKC0g4c5yvq8B1zLSJ5:JUI1hPLyz1SJtGew8ncCEGmK6pfL7Kbl

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	436	4518bf495714b43395011e7f87aae2afc12905492b514e06f8c1dfd6d7774ab0.exe
Token: SeLockMemoryPrivilege	436	4518bf495714b43395011e7f87aae2afc12905492b514e06f8c1dfd6d7774ab0.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
436	4518bf495714b43395011e7f87aae2afc12905492b514e06f8c1dfd6d7774ab0.exe

C:\Users\Admin\AppData\Local\Temp\4518bf495714b43395011e7f87aae2afc12905492b514e06f8c1dfd6d7774ab0.exe
"C:\Users\Admin\AppData\Local\Temp\4518bf495714b43395011e7f87aae2afc12905492b514e06f8c1dfd6d7774ab0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/436-0-0x000001FD11A50000-0x000001FD11A70000-memory.dmp

Filesize
128KB

Download
memory/436-1-0x000001FD11BC0000-0x000001FD11BC4000-memory.dmp

Filesize
16KB

Download
memory/436-2-0x000001FD11BC0000-0x000001FD11BC4000-memory.dmp

Filesize
16KB

Download
memory/436-3-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download
memory/436-4-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download
memory/436-5-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download
memory/436-6-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download
memory/436-7-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download
memory/436-8-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download
memory/436-9-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download
memory/436-10-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download
memory/436-11-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download
memory/436-12-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download
memory/436-13-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download
memory/436-14-0x000001FD14530000-0x000001FD14550000-memory.dmp

Filesize
128KB

Download
memory/436-15-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download
memory/436-16-0x000001FD14570000-0x000001FD14590000-memory.dmp

Filesize
128KB

Download
memory/436-17-0x000001FD14550000-0x000001FD14570000-memory.dmp

Filesize
128KB

Download
memory/436-18-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download
memory/436-19-0x000001FD14570000-0x000001FD14590000-memory.dmp

Filesize
128KB

Download
memory/436-20-0x000001FD14550000-0x000001FD14570000-memory.dmp

Filesize
128KB

Download
memory/436-21-0x00007FF6E74A0000-0x00007FF6E7F09000-memory.dmp

Filesize
10.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads