Analysis
- max time kernel: 41s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 21-05-2022 01:52
Static task: static1
Behavioral task: behavioral1
- Sample: SCTB38 NEW782.exe
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: SCTB38 NEW782.exe
- Resource: win10v2004-20220414-en
- 0 signatures
- 0 seconds
General
- Target: SCTB38 NEW782.exe
- Size: 1.0MB
- MD5: 18b6f9b159d93570f9ace705a62a9fad
- SHA1: 82f75eeef6e25500f517faf6f561057e63ea3a63
- SHA256: 48c124e7d628adaa322470af51fdee8a965faf61bdfbc4c2b143dcf57d52be1a
- SHA512: d836b883425d6c8567eb0876a67525aca3ac6a33c0b7d2a72ef76bf6f0bf71594fdb2c71d6b18f5eeb607c1b3cd334876ae5d2906fa456d6b8d2c6e498696e39
Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses 7 IoCs
  Processes: SCTB38 NEW782.exe
  pid   process
  1048  SCTB38 NEW782.exe
  1048  SCTB38 NEW782.exe
  1048  SCTB38 NEW782.exe
  1048  SCTB38 NEW782.exe
  1048  SCTB38 NEW782.exe
  1048  SCTB38 NEW782.exe
  1048  SCTB38 NEW782.exe
- Suspicious use of AdjustPrivilegeToken 1 IoCs
  Processes: SCTB38 NEW782.exe
  description              pid   process
  Token: SeDebugPrivilege  1048  SCTB38 NEW782.exe
- Suspicious use of WriteProcessMemory 20 IoCs
  Processes: SCTB38 NEW782.exe
  description                       pid   process            target process
  PID 1048 wrote to memory of 1068  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 1068  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 1068  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 1068  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 1144  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 1144  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 1144  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 1144  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 1696  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 1696  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 1696  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 1696  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 2036  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 2036  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 2036  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 2036  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 2000  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 2000  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 2000  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
  PID 1048 wrote to memory of 2000  1048  SCTB38 NEW782.exe  SCTB38 NEW782.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe "C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe" PID:1048
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe "{path}" PID:1068
  - C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe "{path}" PID:1144
  - C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe "{path}" PID:1696
  - C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe "{path}" PID:2036
  - C:\Users\Admin\AppData\Local\Temp\SCTB38 NEW782.exe "{path}" PID:2000