1d9fc02237d06ae3ee5ea85ae14a05ab41ee99f03ac660e3f6360ac6864bf7fd

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
22-07-2022 15:10

Target

tmp.exe
Size

641KB
MD5

85be6547409011c0804230f2f09f7ca3
SHA1

33eb9c66bb959332f963ab928fdbd655ac9e5e4e
SHA256

1d9fc02237d06ae3ee5ea85ae14a05ab41ee99f03ac660e3f6360ac6864bf7fd
SHA512

5e9e790f043d47bf21cd77caa556d18b957ab2c9587ef63836f84b8f42b102a8de085a2c6c2cf5a504b5a034c74dc25f2961b8415779311323e71c15b4432b7b

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

tmp.exe

pid process

736 tmp.exe
736 tmp.exe
736 tmp.exe
736 tmp.exe
736 tmp.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

tmp.exe

description pid process

Token: SeDebugPrivilege 736 tmp.exe

description	pid	process
Token: SeDebugPrivilege	736	tmp.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 736 wrote to memory of 1624	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 1624	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 1624	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 1624	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 836	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 836	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 836	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 836	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 1128	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 1128	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 1128	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 1128	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 608	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 608	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 608	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 608	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 1492	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 1492	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 1492	736	tmp.exe	tmp.exe
PID 736 wrote to memory of 1492	736	tmp.exe	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
2⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
2⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
2⤵
PID:1128

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
2⤵
PID:608

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
2⤵
PID:1492

memory/736-54-0x00000000003C0000-0x0000000000466000-memory.dmp

Filesize
664KB

Download
memory/736-55-0x0000000076191000-0x0000000076193000-memory.dmp

Filesize
8KB

Download
memory/736-56-0x00000000004A0000-0x00000000004BC000-memory.dmp

Filesize
112KB

Download
memory/736-57-0x0000000000510000-0x000000000051A000-memory.dmp

Filesize
40KB

Download
memory/736-58-0x0000000004B90000-0x0000000004BFA000-memory.dmp

Filesize
424KB

Download
memory/736-59-0x0000000002320000-0x0000000002352000-memory.dmp

Filesize
200KB

Download