Analysis

max time kernel: 83s
max time network: 47s
platform: windows7_x64
resource: win7-20220414-en
submitted: 12-06-2022 09:46
Static task: static1

Behavioral task: behavioral1
Sample: 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe
Resource: win7-20220414-en
Platform: windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe
Resource: win10v2004-20220414-en
Platform: windows10-2004_x64
0 signatures
0 seconds
General

Target: 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe
Size: 550KB
MD5: 03598ac96100cf4cb41e01e3f4f43ef1
SHA1: 5bbe4890beb41e5aa137e3ebb8277b6318e1b524
SHA256: 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e
SHA512: 90dfb3fced9be8e29fa750b9085b2b3b07abcf2433e95044adbefea01d373f3ad0a899f781fd61c426a8f22ac09a4757b5523ce72176ea47e767e88d64223d7d
Score: 5/10
Malware Config
Signatures
Suspicious use of SetThreadContext (1 IoC)

description                        | pid | Process                                                               | procid_target
PID 908 set thread context of 936  | 908 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 28

Suspicious behavior: EnumeratesProcesses (2 IoCs)

pid | Process
908 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe
908 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)

description             | pid | Process
Token: SeDebugPrivilege | 908 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe

Suspicious use of WriteProcessMemory (13 IoCs)

description                     | pid | Process                                                               | procid_target
PID 908 wrote to memory of 936  | 908 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 28
PID 908 wrote to memory of 936  | 908 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 28
PID 908 wrote to memory of 936  | 908 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 28
PID 908 wrote to memory of 936  | 908 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 28
PID 908 wrote to memory of 936  | 908 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 28
PID 908 wrote to memory of 936  | 908 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 28
PID 908 wrote to memory of 936  | 908 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 28
PID 908 wrote to memory of 936  | 908 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 28
PID 908 wrote to memory of 936  | 908 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 28
PID 936 wrote to memory of 1352 | 936 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 30
PID 936 wrote to memory of 1352 | 936 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 30
PID 936 wrote to memory of 1352 | 936 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 30
PID 936 wrote to memory of 1352 | 936 | 210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe | 30
Processes

C:\Users\Admin\AppData\Local\Temp\210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe"
  PID: 908
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\210e940c47cf79db8a3b9bceff1e4caae76653aeaf97080883ff735fd354221e.exe"
    PID: 936
    - Suspicious use of WriteProcessMemory

    C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      Command line: dw20.exe -x -s 776
      PID: 1352