Analysis
max time kernel: 14s
max time network: 125s
platform: windows10_x64
resource: win10v20210410
submitted: 03/08/2021, 12:06

Static task: static1

Behavioral task: behavioral1
Sample: da484abefb23789c13add9ecd7ea7eeb.exe
Resource: win7v20210410
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: da484abefb23789c13add9ecd7ea7eeb.exe
Resource: win10v20210410
0 signatures
0 seconds

General
Target: da484abefb23789c13add9ecd7ea7eeb.exe
Size: 693KB
MD5: da484abefb23789c13add9ecd7ea7eeb
SHA1: cf0098c51761c3c9b860cdfd290734f0d1657bba
SHA256: 223dfd54929007ac23d6a20dbcf81a519a14f1c4061d23afcb761b75796042d2
SHA512: 380d3227555739a95ae2514fbe1f24882cbf91db508339837aee2fc6d1ac1c5a7feabcef9bf87ebc8b4efe6fa1f142f2ad9efd595899875fd1e416aa1965d368
Score: 1/10

Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs
  pid   Process
  2016  da484abefb23789c13add9ecd7ea7eeb.exe
  2016  da484abefb23789c13add9ecd7ea7eeb.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs
  description              pid   Process
  Token: SeDebugPrivilege  2016  da484abefb23789c13add9ecd7ea7eeb.exe

Suspicious use of SetWindowsHookEx 2 IoCs
  pid   Process
  2016  da484abefb23789c13add9ecd7ea7eeb.exe
  2016  da484abefb23789c13add9ecd7ea7eeb.exe

Suspicious use of WriteProcessMemory 3 IoCs
  description                       pid   Process                               procid_target
  PID 2016 wrote to memory of 1348  2016  da484abefb23789c13add9ecd7ea7eeb.exe  78
  PID 2016 wrote to memory of 1348  2016  da484abefb23789c13add9ecd7ea7eeb.exe  78
  PID 2016 wrote to memory of 1348  2016  da484abefb23789c13add9ecd7ea7eeb.exe  78

Processes
C:\Users\Admin\AppData\Local\Temp\da484abefb23789c13add9ecd7ea7eeb.exe
"C:\Users\Admin\AppData\Local\Temp\da484abefb23789c13add9ecd7ea7eeb.exe"
PID: 2016
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\da484abefb23789c13add9ecd7ea7eeb.exe
    "C:\Users\Admin\AppData\Local\Temp\da484abefb23789c13add9ecd7ea7eeb.exe"
    PID: 1348