62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128

Analysis

max time kernel
4294178s
max time network
121s
platform
windows7_x64
resource
win7-20220223-en
submitted
10-03-2022 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
Size

5.1MB
MD5

2394239524d152a87311e91311ab0abb
SHA1

784942496518b70fce9b81d5e85c2ea95bb0c89b
SHA256

62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128
SHA512

d75ca0028286079fc592f0704077cdebcde4f9c55a11350df521d70a97169a12aef2275be8cd408132620f418f9f5c5833bf6b21e837615f80f3afb193a01bb6

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 552	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	27
PID 1720 wrote to memory of 552	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	27
PID 1720 wrote to memory of 552	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	27
PID 1720 wrote to memory of 552	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	27
PID 1720 wrote to memory of 1696	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	28
PID 1720 wrote to memory of 1696	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	28
PID 1720 wrote to memory of 1696	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	28
PID 1720 wrote to memory of 1696	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	28
PID 1720 wrote to memory of 1208	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	29
PID 1720 wrote to memory of 1208	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	29
PID 1720 wrote to memory of 1208	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	29
PID 1720 wrote to memory of 1208	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	29
PID 1720 wrote to memory of 860	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	30
PID 1720 wrote to memory of 860	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	30
PID 1720 wrote to memory of 860	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	30
PID 1720 wrote to memory of 860	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	30
PID 1720 wrote to memory of 708	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	31
PID 1720 wrote to memory of 708	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	31
PID 1720 wrote to memory of 708	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	31
PID 1720 wrote to memory of 708	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	31
PID 1720 wrote to memory of 1244	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	32
PID 1720 wrote to memory of 1244	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	32
PID 1720 wrote to memory of 1244	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	32
PID 1720 wrote to memory of 1244	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	32
PID 1720 wrote to memory of 1464	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	33
PID 1720 wrote to memory of 1464	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	33
PID 1720 wrote to memory of 1464	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	33
PID 1720 wrote to memory of 1464	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	33
PID 1720 wrote to memory of 1128	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	34
PID 1720 wrote to memory of 1128	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	34
PID 1720 wrote to memory of 1128	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	34
PID 1720 wrote to memory of 1128	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	34
PID 1720 wrote to memory of 1472	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	35
PID 1720 wrote to memory of 1472	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	35
PID 1720 wrote to memory of 1472	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	35
PID 1720 wrote to memory of 1472	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	35
PID 1720 wrote to memory of 1468	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	36
PID 1720 wrote to memory of 1468	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	36
PID 1720 wrote to memory of 1468	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	36
PID 1720 wrote to memory of 1468	1720	62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe	36

C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
"C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  2⤵
  PID:552
- C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  2⤵
  PID:1696
- C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  2⤵
  PID:1208
- C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  2⤵
  PID:860
- C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  2⤵
  PID:708
- C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  2⤵
  PID:1244
- C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  2⤵
  PID:1464
- C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  2⤵
  PID:1128
- C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  2⤵
  PID:1472
- C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  C:\Users\Admin\AppData\Local\Temp\62451199b2f6fad4f345a5c3b4d7ece0c3b458fd85adbb1e802ea122c1170128.exe
  2⤵
  PID:1468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1720-54-0x0000000000170000-0x0000000000692000-memory.dmp

Filesize
5.1MB

Download
memory/1720-55-0x0000000074580000-0x0000000074C6E000-memory.dmp

Filesize
6.9MB

Download
memory/1720-56-0x0000000004E00000-0x0000000004E01000-memory.dmp

Filesize
4KB

Download
memory/1720-57-0x0000000006250000-0x0000000006758000-memory.dmp

Filesize
5.0MB

Download
memory/1720-58-0x0000000000810000-0x000000000082C000-memory.dmp

Filesize
112KB

Download