Analysis
- max time kernel: 130s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 24-05-2022 23:43
Behavioral task: behavioral1
- Sample: 645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52.exe
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds
General
- Target: 645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52.exe
- Size: 658KB
- MD5: 98343399d5aac84bacbeddc5a3385836
- SHA1: e1c7bb2b21d7f46de57c26b407235972b1a6e28a
- SHA256: 645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52
- SHA512: 39a0daf741484e8bd692ab2abfec76f534ebb84ee72c41337d4499fba04c590da9fbd627a003038147a3dcf94b6198ab9f2cda52d480e7afd288a0f4fcc4471c
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  Processes:
    description | pid | process | target process
    PID 4776 set thread context of 4976 | 4776 | 645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52.exe | iexplore.exe
- Suspicious use of AdjustPrivilegeToken (48 IoCs)
  Processes (description | pid | process), 24 token entries per process:
    PID 4776, 645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52.exe
      Token: SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 33, 34, 35, 36
    PID 4976, iexplore.exe
      Token: SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 33, 34, 35, 36
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes:
    pid | process
    4976 | iexplore.exe
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes:
    description | pid | process | target process
    PID 4776 wrote to memory of 4976 | 4776 | 645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52.exe | iexplore.exe (5 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\iexplore.exe (child process)
    Command line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx