Analysis
- max time kernel: 204s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 20-05-2022 12:40
Behavioral task
- behavioral1
- Sample: 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds
General
- Target: 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
- Size: 658KB
- MD5: 236b6ef81c0a48db78ed1cf55ca2814f
- SHA1: cc4451e968eb003f7f9deb83712af8e491fb1128
- SHA256: 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138
- SHA512: 84a9a8ad2e17b06893ac6860654e36d0e4567e994f083d3409ba61085f2caa895df14676e19c010377122325a384e042393f79f22546f94767940d5fa69c9d41
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  Processes: 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  description | pid | process | target process
  PID 1328 set thread context of 588 | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe | iexplore.exe
- Suspicious use of AdjustPrivilegeToken (46 IoCs)
  Processes: 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe, iexplore.exe
  description | pid | process
  Token: SeIncreaseQuotaPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeSecurityPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeTakeOwnershipPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeLoadDriverPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeSystemProfilePrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeSystemtimePrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeProfSingleProcessPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeIncBasePriorityPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeCreatePagefilePrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeBackupPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeRestorePrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeShutdownPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeDebugPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeSystemEnvironmentPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeChangeNotifyPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeRemoteShutdownPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeUndockPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeManageVolumePrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeImpersonatePrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeCreateGlobalPrivilege | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: 33 | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: 34 | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: 35 | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Token: SeIncreaseQuotaPrivilege | 588 | iexplore.exe
  Token: SeSecurityPrivilege | 588 | iexplore.exe
  Token: SeTakeOwnershipPrivilege | 588 | iexplore.exe
  Token: SeLoadDriverPrivilege | 588 | iexplore.exe
  Token: SeSystemProfilePrivilege | 588 | iexplore.exe
  Token: SeSystemtimePrivilege | 588 | iexplore.exe
  Token: SeProfSingleProcessPrivilege | 588 | iexplore.exe
  Token: SeIncBasePriorityPrivilege | 588 | iexplore.exe
  Token: SeCreatePagefilePrivilege | 588 | iexplore.exe
  Token: SeBackupPrivilege | 588 | iexplore.exe
  Token: SeRestorePrivilege | 588 | iexplore.exe
  Token: SeShutdownPrivilege | 588 | iexplore.exe
  Token: SeDebugPrivilege | 588 | iexplore.exe
  Token: SeSystemEnvironmentPrivilege | 588 | iexplore.exe
  Token: SeChangeNotifyPrivilege | 588 | iexplore.exe
  Token: SeRemoteShutdownPrivilege | 588 | iexplore.exe
  Token: SeUndockPrivilege | 588 | iexplore.exe
  Token: SeManageVolumePrivilege | 588 | iexplore.exe
  Token: SeImpersonatePrivilege | 588 | iexplore.exe
  Token: SeCreateGlobalPrivilege | 588 | iexplore.exe
  Token: 33 | 588 | iexplore.exe
  Token: 34 | 588 | iexplore.exe
  Token: 35 | 588 | iexplore.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: iexplore.exe
  pid | process
  588 | iexplore.exe
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes: 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  description | pid | process | target process
  PID 1328 wrote to memory of 588 | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe | iexplore.exe
  PID 1328 wrote to memory of 588 | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe | iexplore.exe
  PID 1328 wrote to memory of 588 | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe | iexplore.exe
  PID 1328 wrote to memory of 588 | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe | iexplore.exe
  PID 1328 wrote to memory of 588 | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe | iexplore.exe
  PID 1328 wrote to memory of 588 | 1328 | 8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe | iexplore.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138.exe"
  Depth: 1
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Command line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    Depth: 2
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- memory/1328-54-0x0000000074F91000-0x0000000074F93000-memory.dmp (Filesize: 8KB)