Analysis
-
max time kernel
19s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
20-02-2022 04:57
Static task
static1
Behavioral task
behavioral1
Sample
884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe
Resource
win7-en-20211208
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe
Resource
win10v2004-en-20220113
0 signatures
0 seconds
General
-
Target
884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe
-
Size
124KB
-
MD5
3925ae7df3328773be923f74d70555e3
-
SHA1
948af4614e8ff150fbe0bc38f40806b457acaf3a
-
SHA256
884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5
-
SHA512
1eb06c442f6c63d7f5908a57ec57852678820349385e8e77aa0baaa584e6bb2dca59c0e2d4529734f9108e298d245e755202b70461cc1e6402ef37cc7d3d942d
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exepid process 3904 884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe 3904 884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exedescription pid process Token: SeDebugPrivilege 3904 884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe -
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exedescription pid process target process PID 3904 wrote to memory of 2340 3904 884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe sihost.exe PID 3904 wrote to memory of 2380 3904 884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe svchost.exe PID 3904 wrote to memory of 2476 3904 884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe taskhostw.exe PID 3904 wrote to memory of 2416 3904 884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe Explorer.EXE PID 3904 wrote to memory of 2872 3904 884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe svchost.exe PID 3904 wrote to memory of 3268 3904 884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe DllHost.exe
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe"C:\Users\Admin\AppData\Local\Temp\884efd1521e2fff9a05e7428239b3d9b92442ecef1248dd2bb295b253016dfb5.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2340-130-0x00007FF6DB290000-0x00007FF6DB611000-memory.dmpFilesize
3.5MB