Analysis
- max time kernel: 121s
- max time network: 132s
- platform: windows10_x64
- resource: win10-en-20210920
- submitted: 26-10-2021 19:44
Static task: static1
Behavioral task: behavioral1
- Sample: ace96cf7ef24eeac993b4da172a5a8f0.exe
- Resource: win7-en-20210920 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: ace96cf7ef24eeac993b4da172a5a8f0.exe
- Resource: win10-en-20210920 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: ace96cf7ef24eeac993b4da172a5a8f0.exe
- Size: 359KB
- MD5: ace96cf7ef24eeac993b4da172a5a8f0
- SHA1: fa89615f55a87ef1d9ee9330ec5b0c040f54e8c1
- SHA256: d4ee80500d9c280e85b290b467592a5910e9d4ee127cfda17ad40467b2c88942
- SHA512: e1d5279223d7e82003bad73e94b1607b043c0b987987e99dc39ab9790558c4c840cd6949a37f87134fbd13b64c4a2492fb572eebde870db709d2a77c419c7ea1
- Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (pid, process):
  952  dw20.exe
  952  dw20.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes (description, pid, process):
  Token: SeRestorePrivilege  952  dw20.exe
  Token: SeBackupPrivilege   952  dw20.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description, pid, process, target process):
  PID 3720 wrote to memory of 952  3720  ace96cf7ef24eeac993b4da172a5a8f0.exe  dw20.exe
  PID 3720 wrote to memory of 952  3720  ace96cf7ef24eeac993b4da172a5a8f0.exe  dw20.exe
  PID 3720 wrote to memory of 952  3720  ace96cf7ef24eeac993b4da172a5a8f0.exe  dw20.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\ace96cf7ef24eeac993b4da172a5a8f0.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ace96cf7ef24eeac993b4da172a5a8f0.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    Command line: dw20.exe -x -s 932
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken