Analysis
max time kernel: 110s
max time network: 125s
platform: windows10_x64
resource: win10-en-20210920
submitted: 26-10-2021 14:40
Static task
static1

Behavioral task
behavioral1
Sample: ace96cf7ef24eeac993b4da172a5a8f0.exe
Resource: win7-en-20210920
Platform: windows7_x64
0 signatures
0 seconds

Behavioral task
behavioral2
Sample: ace96cf7ef24eeac993b4da172a5a8f0.exe
Resource: win10-en-20210920
Platform: windows10_x64
0 signatures
0 seconds
General
Target: ace96cf7ef24eeac993b4da172a5a8f0.exe
Size: 359KB
MD5: ace96cf7ef24eeac993b4da172a5a8f0
SHA1: fa89615f55a87ef1d9ee9330ec5b0c040f54e8c1
SHA256: d4ee80500d9c280e85b290b467592a5910e9d4ee127cfda17ad40467b2c88942
SHA512: e1d5279223d7e82003bad73e94b1607b043c0b987987e99dc39ab9790558c4c840cd6949a37f87134fbd13b64c4a2492fb572eebde870db709d2a77c419c7ea1
Score: 1/10
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid   process
  1136  dw20.exe
  1136  dw20.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
  description                 pid   process
  Token: SeRestorePrivilege   1136  dw20.exe
  Token: SeBackupPrivilege    1136  dw20.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process                               target process
  PID 1664 wrote to memory of 1136   1664  ace96cf7ef24eeac993b4da172a5a8f0.exe  dw20.exe
  PID 1664 wrote to memory of 1136   1664  ace96cf7ef24eeac993b4da172a5a8f0.exe  dw20.exe
  PID 1664 wrote to memory of 1136   1664  ace96cf7ef24eeac993b4da172a5a8f0.exe  dw20.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\ace96cf7ef24eeac993b4da172a5a8f0.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\ace96cf7ef24eeac993b4da172a5a8f0.exe"
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      Command line: dw20.exe -x -s 928
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken