Analysis
max time kernel: 120s
max time network: 122s
platform: windows7_x64
resource: win7v20201028
submitted: 17-01-2021 17:09
Static task: static1
Behavioral task: behavioral1
Sample: TEC20201601.exe
Resource: win7v20201028
windows7_x64
0 signatures
0 seconds
General
Target: TEC20201601.exe
Size: 1.2MB
MD5: 19682ff802fd6fc13c896ba4572e9edc
SHA1: c52eed4a18f23464ef7c8968c4a7cad63564d2e6
SHA256: 73384c630a5bcbb5201f567aa142fc712df5c2ceb9b61c301a5e4a025af2b3ca
SHA512: 31b65796fa7de32a80ab5244edea91642cca0b3161bd82a93d5601bd1f9b28b5de6a6647a053dfcfca2d10a54165dcdff9f221cb49690707b9a4a85719a56dc1
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (5 IoCs)
Processes: TEC20201601.exe
pid   process
1732  TEC20201601.exe
1732  TEC20201601.exe
1732  TEC20201601.exe
1732  TEC20201601.exe
1732  TEC20201601.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: TEC20201601.exe
description              pid   process
Token: SeDebugPrivilege  1732  TEC20201601.exe

Suspicious use of WriteProcessMemory (20 IoCs)
Processes: TEC20201601.exe
description                       pid   process          target process
PID 1732 wrote to memory of 1336  1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 1336  1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 1336  1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 1336  1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 556   1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 556   1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 556   1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 556   1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 592   1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 592   1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 592   1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 592   1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 1532  1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 1532  1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 1532  1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 1532  1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 776   1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 776   1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 776   1732  TEC20201601.exe  TEC20201601.exe
PID 1732 wrote to memory of 776   1732  TEC20201601.exe  TEC20201601.exe
Processes
C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe "C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe" 1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe "C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe" 2⤵
  C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe "C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe" 2⤵
  C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe "C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe" 2⤵
  C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe "C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe" 2⤵
  C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe "C:\Users\Admin\AppData\Local\Temp\TEC20201601.exe" 2⤵