fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b | Triage

Analysis

max time kernel
31s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
19/02/2022, 23:52

Sharing

Report Analysis Logs

General

Target

fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b.exe
Size

152KB
MD5

40492c178079e65dfd5449bf899413b6
SHA1

f3fa5d5942e5085586d7fcc496d3fad7804abcc2
SHA256

fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b
SHA512

986881496dcdfefc0b0cd20e2f0700368caec03a4f93889b5d3b8d345bffb0562c5d3e8584b96443e5e83eb3844d8f0851299986cb8c8b1c0b51e5e1970cf67a

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1584	fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b.exe
1584	fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1584	fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 2300	1584	fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b.exe	59
PID 1584 wrote to memory of 2344	1584	fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b.exe	58
PID 1584 wrote to memory of 2424	1584	fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b.exe	22

C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
1⤵
PID:2424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2344

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b.exe
"C:\Users\Admin\AppData\Local\Temp\fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2300-130-0x00007FF67E430000-0x00007FF67E7BA000-memory.dmp

Filesize
3.5MB

Download
memory/2344-131-0x00007FF67E430000-0x00007FF67E7BA000-memory.dmp

Filesize
3.5MB

Download