Analysis

- max time kernel: 37s
- max time network: 14s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 08-04-2021 14:41

- Static task: static1
- Behavioral task: behavioral1
  - Sample: gunzipped.exe
  - Resource: win7v20201028
  - Platform: windows7_x64

0 signatures, 0 seconds
General

- Target: gunzipped.exe
- Size: 879KB
- MD5: 1e214794b9698010528681d8a7218b27
- SHA1: e5ead869d987721f2fe57f92761bfa0211f13cd1
- SHA256: 552dfc754e6cdb214ed63e71645340e3e61f006b4472ec33afd6c753ed311a99
- SHA512: 088112b695f412a84b154aed8855327e89a24475b9bbe5c10817fcaf93bd67740f12dcc89d7a3096c0796dfce1ebf93c1c5f412472f706c5fb016ea2c3c969e2
- Score: 1/10
Malware Config
Signatures

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes:
    pid   process
    780   gunzipped.exe   (same entry repeated 10 times)

- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description                 pid   process
    Token: SeDebugPrivilege     780   gunzipped.exe

- Suspicious use of WriteProcessMemory (20 IoCs)
  Processes:
    description                        pid   process         target process
    PID 780 wrote to memory of 1380    780   gunzipped.exe   gunzipped.exe   (repeated 4 times)
    PID 780 wrote to memory of 1524    780   gunzipped.exe   gunzipped.exe   (repeated 4 times)
    PID 780 wrote to memory of 1592    780   gunzipped.exe   gunzipped.exe   (repeated 4 times)
    PID 780 wrote to memory of 300     780   gunzipped.exe   gunzipped.exe   (repeated 4 times)
    PID 780 wrote to memory of 1580    780   gunzipped.exe   gunzipped.exe   (repeated 4 times)
Processes

- C:\Users\Admin\AppData\Local\Temp\gunzipped.exe "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\gunzipped.exe "{path}"
  - C:\Users\Admin\AppData\Local\Temp\gunzipped.exe "{path}"
  - C:\Users\Admin\AppData\Local\Temp\gunzipped.exe "{path}"
  - C:\Users\Admin\AppData\Local\Temp\gunzipped.exe "{path}"
  - C:\Users\Admin\AppData\Local\Temp\gunzipped.exe "{path}"