c7632a1bbe82c3d2ae9146a0289bc2080d03878dd89fd1d9e9503a9e57af43c4 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:35

Sharing

Report Analysis Logs

General

Target

1792EL4.4?/Update.exe
Size

101KB
MD5

1c14f26db6988b324bfeb1347f57f805
SHA1

10495d45e832a7899ca0910c53225e095c8b22c6
SHA256

8e41a0d3e866a0ace0f8c48e60d9e78cd9788189f24449d825e8f8fb6ec8101b
SHA512

b12afbcbab2a4bd4572e55475461bd39d321ad8fda69d9452bcde61e2c37cca732fba409687e3744faf3b85be51eee9080f8f19ce8fb11b2865012b9ec2f859c
SSDEEP

1536:Osc3EPdwBnqcVTdnCnuZIHDgIV0VNUIpWw/eSOdLh:DcgMqcVe9HMIqVBpPeSu

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Update.exe

description pid process

Token: SeDebugPrivilege 3052 Update.exe

C:\Users\Admin\AppData\Local\Temp\1792EL4.4_\Update.exe
"C:\Users\Admin\AppData\Local\Temp\1792EL4.4_\Update.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3052

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3052-0-0x000000007481E000-0x000000007481F000-memory.dmp

Filesize
4KB

Download
memory/3052-1-0x0000000001360000-0x0000000001380000-memory.dmp

Filesize
128KB

Download
memory/3052-2-0x0000000074810000-0x0000000074EFE000-memory.dmp

Filesize
6.9MB

Download
memory/3052-3-0x0000000074810000-0x0000000074EFE000-memory.dmp

Filesize
6.9MB

Download