Analysis
max time kernel: 155s
max time network: 165s
platform: windows10_x64
resource: win10-en-20211208
submitted: 24-01-2022 03:32
Static task: static1

Behavioral task: behavioral1
  Sample: 8456be962d01eac8e2f40d0a310d767cd5ec44b28d359030b1a04ecea974979a.exe
  Resource: win7-en-20211208 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: 8456be962d01eac8e2f40d0a310d767cd5ec44b28d359030b1a04ecea974979a.exe
  Resource: win10-en-20211208 (windows10_x64)
  0 signatures, 0 seconds
General
Target: 8456be962d01eac8e2f40d0a310d767cd5ec44b28d359030b1a04ecea974979a.exe
Size: 206KB
MD5: be6e448595e3a98ddd11c3cfb49e51e6
SHA1: 3be3d8f313d3f4d0421c0f496cd1f8a39a04ec14
SHA256: 8456be962d01eac8e2f40d0a310d767cd5ec44b28d359030b1a04ecea974979a
SHA512: af37c168d0031ea0ee0a25aa6a7698b02d36c232c195cb067a0966bd1b4aa9ac8045dfcf279fc492013231ed5288ea1dce20f89257618d70a77ab2ebb384972e
Score: 1/10
Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid   process
  2684  dw20.exe
  2684  dw20.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes:
  description                        pid  process
  Token: SeDebugPrivilege            732  8456be962d01eac8e2f40d0a310d767cd5ec44b28d359030b1a04ecea974979a.exe
  Token: 33                          732  8456be962d01eac8e2f40d0a310d767cd5ec44b28d359030b1a04ecea974979a.exe
  Token: SeIncBasePriorityPrivilege  732  8456be962d01eac8e2f40d0a310d767cd5ec44b28d359030b1a04ecea974979a.exe

Suspicious use of WriteProcessMemory (2 IoCs)
Processes:
  description                      pid  process                                                                  target process
  PID 732 wrote to memory of 2684  732  8456be962d01eac8e2f40d0a310d767cd5ec44b28d359030b1a04ecea974979a.exe  dw20.exe
  PID 732 wrote to memory of 2684  732  8456be962d01eac8e2f40d0a310d767cd5ec44b28d359030b1a04ecea974979a.exe  dw20.exe
Processes

- C:\Users\Admin\AppData\Local\Temp\8456be962d01eac8e2f40d0a310d767cd5ec44b28d359030b1a04ecea974979a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8456be962d01eac8e2f40d0a310d767cd5ec44b28d359030b1a04ecea974979a.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe (child process)
    Command line: dw20.exe -x -s 916
    - Suspicious behavior: EnumeratesProcesses