f5773e4517ef94e87022bae134a0298f6f9e688561c41e0ef5d4dd75d8defd51 | Triage

Analysis

max time kernel
124s
max time network
145s
platform
windows7_x64
resource
win7v200430
submitted
08-07-2020 16:03

Sharing

Report Analysis Logs

General

Target

784775471.exe
Size

408KB
MD5

82dd311b67db9b4bfd80b0477d84f493
SHA1

de87fbab7bb506fd95f11de12a124a70d68b5bd4
SHA256

f5773e4517ef94e87022bae134a0298f6f9e688561c41e0ef5d4dd75d8defd51
SHA512

864f2f95703d7123983f65093b4f7bc0fc89a1a2c8cec55f4faadb906c0a084e460eb03ab2242cc56adec700611fc6ea21db7bd9dfcd0ad08eec784f7661f753

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.ionos.fr
Port:
587
Username:
boudes@sagesse.fr
Password:
8p<@MrL3

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

784775471.exe

description pid process

Token: SeDebugPrivilege 1356 784775471.exe
Drops startup file 1 IoCs

Processes:

784775471.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bntyhxd.js 784775471.exe

C:\Users\Admin\AppData\Local\Temp\784775471.exe
"C:\Users\Admin\AppData\Local\Temp\784775471.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Drops startup file
PID:1356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...