Analysis
-
max time kernel
152s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
25-05-2022 00:06
Behavioral task
behavioral1
Sample
146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
-
Size
658KB
-
MD5
5bff2c2bdc7523e24d7ecc0995a814e6
-
SHA1
ba82bada9fc8e405b3e9fe5aa742cd5337cf6a2f
-
SHA256
146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093
-
SHA512
0c020e01655be45b7cddad37e7999e340d50a6c4b31b9c90c4f29aecd3bfc82fcdd99fdba207bd243154a965abb378a81a5c887c67dea87c21b97e32446b4d8a
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
Processes:
146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exedescription pid process target process PID 4460 set thread context of 2764 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe iexplore.exe -
Suspicious use of AdjustPrivilegeToken 48 IoCs
Processes:
146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exeiexplore.exedescription pid process Token: SeIncreaseQuotaPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeSecurityPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeTakeOwnershipPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeLoadDriverPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeSystemProfilePrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeSystemtimePrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeProfSingleProcessPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeIncBasePriorityPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeCreatePagefilePrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeBackupPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeRestorePrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeShutdownPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeDebugPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeSystemEnvironmentPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeChangeNotifyPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeRemoteShutdownPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeUndockPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeManageVolumePrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeImpersonatePrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeCreateGlobalPrivilege 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: 33 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: 34 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: 35 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: 36 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe Token: SeIncreaseQuotaPrivilege 2764 iexplore.exe Token: SeSecurityPrivilege 2764 iexplore.exe Token: SeTakeOwnershipPrivilege 2764 iexplore.exe Token: SeLoadDriverPrivilege 2764 iexplore.exe Token: SeSystemProfilePrivilege 2764 iexplore.exe Token: SeSystemtimePrivilege 2764 iexplore.exe Token: SeProfSingleProcessPrivilege 2764 iexplore.exe Token: SeIncBasePriorityPrivilege 2764 iexplore.exe Token: SeCreatePagefilePrivilege 2764 iexplore.exe Token: SeBackupPrivilege 2764 iexplore.exe Token: SeRestorePrivilege 2764 iexplore.exe Token: SeShutdownPrivilege 2764 iexplore.exe Token: SeDebugPrivilege 2764 iexplore.exe Token: SeSystemEnvironmentPrivilege 2764 iexplore.exe Token: SeChangeNotifyPrivilege 2764 iexplore.exe Token: SeRemoteShutdownPrivilege 2764 iexplore.exe Token: SeUndockPrivilege 2764 iexplore.exe Token: SeManageVolumePrivilege 2764 iexplore.exe Token: SeImpersonatePrivilege 2764 iexplore.exe Token: SeCreateGlobalPrivilege 2764 iexplore.exe Token: 33 2764 iexplore.exe Token: 34 2764 iexplore.exe Token: 35 2764 iexplore.exe Token: 36 2764 iexplore.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
iexplore.exepid process 2764 iexplore.exe -
Suspicious use of WriteProcessMemory 5 IoCs
Processes:
146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exedescription pid process target process PID 4460 wrote to memory of 2764 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe iexplore.exe PID 4460 wrote to memory of 2764 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe iexplore.exe PID 4460 wrote to memory of 2764 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe iexplore.exe PID 4460 wrote to memory of 2764 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe iexplore.exe PID 4460 wrote to memory of 2764 4460 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe iexplore.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe"C:\Users\Admin\AppData\Local\Temp\146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx