Analysis

max time kernel: 20s
platform: windows7_x64
resource: win7-20220414-en
submitted: 14-05-2022 14:18
Static task: static1

Behavioral task: behavioral1
  Sample: de3eafb5fa64237cb2d54949c432f19c.exe
  Resource: win7-20220414-en (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: de3eafb5fa64237cb2d54949c432f19c.exe
  Resource: win10v2004-20220414-en (windows10-2004_x64)
  0 signatures, 0 seconds
General

Target: de3eafb5fa64237cb2d54949c432f19c.exe
Size: 2.0MB
MD5: de3eafb5fa64237cb2d54949c432f19c
SHA1: bbb3d8d70e1416241b469c3f58596986957ac39d
SHA256: 93d2edbc498f6f8689223bcb079143a97627efe9c1f7b23687a94a1eaf223d78
SHA512: e01e963313fdede9144ddd4133a2f101177659902d821c994527ab4db627d5ce56e2e34d8c818b4bcbebe2fdfe74e9f0d15b715afa5df89ecfbe8eb73427b0c6
Score: 1/10
Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description                    | pid  | process
  Token: SeLoadDriverPrivilege   | 1976 | de3eafb5fa64237cb2d54949c432f19c.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                        | pid  | process                               | target process
  PID 1976 wrote to memory of 824    | 1976 | de3eafb5fa64237cb2d54949c432f19c.exe  | cmd.exe
  PID 1976 wrote to memory of 824    | 1976 | de3eafb5fa64237cb2d54949c432f19c.exe  | cmd.exe
  PID 1976 wrote to memory of 824    | 1976 | de3eafb5fa64237cb2d54949c432f19c.exe  | cmd.exe
  PID 1976 wrote to memory of 824    | 1976 | de3eafb5fa64237cb2d54949c432f19c.exe  | cmd.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\de3eafb5fa64237cb2d54949c432f19c.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\de3eafb5fa64237cb2d54949c432f19c.exe"
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

2. C:\Windows\SysWOW64\cmd.exe (child of 1)
   Command line: C:\Windows\system32\cmd.exe /c md C:\DownLoad-Helper