Analysis
max time kernel: 41s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
submitted: 12-06-2022 11:23
Static task: static1

Behavioral task: behavioral1
Sample: 20caa9abe0b37c0d09b041b84573c3a62deceb9a3e5e876e4725ece403b72c71.exe
Resource: win7-20220414-en
Platform: windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 20caa9abe0b37c0d09b041b84573c3a62deceb9a3e5e876e4725ece403b72c71.exe
Resource: win10v2004-20220414-en
Platform: windows10-2004_x64
0 signatures
0 seconds
General
Target: 20caa9abe0b37c0d09b041b84573c3a62deceb9a3e5e876e4725ece403b72c71.exe
Size: 852KB
MD5: 7bc5c48e8e95526e4adb155a561bc09b
SHA1: 755b965d1c32ff5af956cb68a6463f0f71a5895a
SHA256: 20caa9abe0b37c0d09b041b84573c3a62deceb9a3e5e876e4725ece403b72c71
SHA512: c9db71c27a13a580c27d830d3098d7d2389b1d74d01fde3f429ff1881dc0132884cd58d0ef1002b1dfa51bd320d24b71629b3785262c9125d64a5565c84ba571
Score: 5/10
Malware Config
Signatures

Suspicious use of SetThreadContext (1 IoC)
  description: PID 1836 set thread context of 1828
  pid: 1836
  Process: 20caa9abe0b37c0d09b041b84573c3a62deceb9a3e5e876e4725ece403b72c71.exe
  procid_target: 28

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid: 1836
  Process: 20caa9abe0b37c0d09b041b84573c3a62deceb9a3e5e876e4725ece403b72c71.exe
  (8 identical entries)

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege
  pid: 1836
  Process: 20caa9abe0b37c0d09b041b84573c3a62deceb9a3e5e876e4725ece403b72c71.exe

Suspicious use of WriteProcessMemory (13 IoCs)
  description: PID 1836 wrote to memory of 1828
  pid: 1836
  Process: 20caa9abe0b37c0d09b041b84573c3a62deceb9a3e5e876e4725ece403b72c71.exe
  procid_target: 28
  (9 identical entries)

  description: PID 1828 wrote to memory of 1844
  pid: 1828
  Process: 20caa9abe0b37c0d09b041b84573c3a62deceb9a3e5e876e4725ece403b72c71.exe
  procid_target: 30
  (4 identical entries)
Processes

1. C:\Users\Admin\AppData\Local\Temp\20caa9abe0b37c0d09b041b84573c3a62deceb9a3e5e876e4725ece403b72c71.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\20caa9abe0b37c0d09b041b84573c3a62deceb9a3e5e876e4725ece403b72c71.exe"
   PID: 1836
   - Suspicious use of SetThreadContext
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\20caa9abe0b37c0d09b041b84573c3a62deceb9a3e5e876e4725ece403b72c71.exe (child of PID 1836)
      Command line: "C:\Users\Admin\AppData\Local\Temp\20caa9abe0b37c0d09b041b84573c3a62deceb9a3e5e876e4725ece403b72c71.exe"
      PID: 1828
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe (child of PID 1828)
         Command line: dw20.exe -x -s 752
         PID: 1844