cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb

Analysis

max time kernel
62s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2022 20:53

Target

cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe
Size

509KB
MD5

e332d13c5d681efc1decca9fdf483cb5
SHA1

1369bc391e7e07205f99a41486856bbc8f933967
SHA256

cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb
SHA512

41804863aff4605e76747c983f27be1f78f430eff551e7a036b4f2711fede40ff516aa61aaf392a0070fb475aa311b506ce4892cea6adcb43b041c23bfabfb9d

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe

description pid process

Token: SeDebugPrivilege 3620 cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe

description	pid	process
Token: SeDebugPrivilege	3620	cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe

description	pid	process	target process
PID 3620 wrote to memory of 2996	3620	cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe	cmd.exe
PID 3620 wrote to memory of 2996	3620	cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe	cmd.exe
PID 3620 wrote to memory of 2996	3620	cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe	cmd.exe
PID 3620 wrote to memory of 4332	3620	cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe	cmd.exe
PID 3620 wrote to memory of 4332	3620	cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe	cmd.exe
PID 3620 wrote to memory of 4332	3620	cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe	cmd.exe
PID 3620 wrote to memory of 2416	3620	cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe	cmd.exe
PID 3620 wrote to memory of 2416	3620	cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe	cmd.exe
PID 3620 wrote to memory of 2416	3620	cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe	cmd.exe

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c, "/C type nul > "C:\Users\Admin\AppData\Local\Temp\cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe:Zone.Identifier""
2⤵
PID:2996

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\cfd3ac39a13d75256a5677f6745aa4e0660fd073e98b44102f4214b9d741d4bb.exe" "C:\Users\Admin\AppData\Local\sdccxa.exe"
2⤵
PID:4332

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c, "C:\Users\Admin\AppData\Local\sdccxa.exe"
2⤵
PID:2416

memory/2416-136-0x0000000000000000-mapping.dmp

Download
memory/2996-134-0x0000000000000000-mapping.dmp

Download
memory/3620-130-0x0000000000950000-0x00000000009D6000-memory.dmp

Filesize
536KB

Download
memory/3620-131-0x00000000058F0000-0x0000000005E94000-memory.dmp

Filesize
5.6MB

Download
memory/3620-132-0x0000000006160000-0x00000000061F2000-memory.dmp

Filesize
584KB

Download
memory/3620-133-0x0000000006200000-0x0000000006266000-memory.dmp

Filesize
408KB

Download
memory/4332-135-0x0000000000000000-mapping.dmp

Download