Analysis
- max time kernel: 150s
- max time network: 42s
- platform: windows7_x64
- resource: win7-20220715-en
- resource tags: arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
- submitted: 25-07-2022 00:14
Behavioral task
- behavioral1
  Sample: addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Resource: win7-20220715-en (windows7-x64)
  5 signatures
  150 seconds
General
- Target: addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
- Size: 756KB
- MD5: d6039d4e775e33fda4b9b8af49b70e26
- SHA1: 60a5912dfbb7262b5c6a92f8d2f0994dbc3e3ab1
- SHA256: addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75
- SHA512: 399b0a887506ca95f909f5f5f9cefd5756646a4261d630beaf327dfc424850d49e2532942ca2b2b10355f955b400ebf8a38ae0074efb655b544671e02029d772
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoCs)
  Processes: addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  description | pid | process | target process
  PID 1988 set thread context of 956 | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe | iexplore.exe
- Suspicious use of AdjustPrivilegeToken (46 IoCs)
  Processes: addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe, iexplore.exe
  description | pid | process
  Token: SeIncreaseQuotaPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeSecurityPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeTakeOwnershipPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeLoadDriverPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeSystemProfilePrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeSystemtimePrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeProfSingleProcessPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeIncBasePriorityPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeCreatePagefilePrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeBackupPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeRestorePrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeShutdownPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeDebugPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeSystemEnvironmentPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeChangeNotifyPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeRemoteShutdownPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeUndockPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeManageVolumePrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeImpersonatePrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeCreateGlobalPrivilege | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: 33 | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: 34 | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: 35 | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Token: SeIncreaseQuotaPrivilege | 956 | iexplore.exe
  Token: SeSecurityPrivilege | 956 | iexplore.exe
  Token: SeTakeOwnershipPrivilege | 956 | iexplore.exe
  Token: SeLoadDriverPrivilege | 956 | iexplore.exe
  Token: SeSystemProfilePrivilege | 956 | iexplore.exe
  Token: SeSystemtimePrivilege | 956 | iexplore.exe
  Token: SeProfSingleProcessPrivilege | 956 | iexplore.exe
  Token: SeIncBasePriorityPrivilege | 956 | iexplore.exe
  Token: SeCreatePagefilePrivilege | 956 | iexplore.exe
  Token: SeBackupPrivilege | 956 | iexplore.exe
  Token: SeRestorePrivilege | 956 | iexplore.exe
  Token: SeShutdownPrivilege | 956 | iexplore.exe
  Token: SeDebugPrivilege | 956 | iexplore.exe
  Token: SeSystemEnvironmentPrivilege | 956 | iexplore.exe
  Token: SeChangeNotifyPrivilege | 956 | iexplore.exe
  Token: SeRemoteShutdownPrivilege | 956 | iexplore.exe
  Token: SeUndockPrivilege | 956 | iexplore.exe
  Token: SeManageVolumePrivilege | 956 | iexplore.exe
  Token: SeImpersonatePrivilege | 956 | iexplore.exe
  Token: SeCreateGlobalPrivilege | 956 | iexplore.exe
  Token: 33 | 956 | iexplore.exe
  Token: 34 | 956 | iexplore.exe
  Token: 35 | 956 | iexplore.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: iexplore.exe
  pid | process
  956 | iexplore.exe
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes: addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  description | pid | process | target process
  PID 1988 wrote to memory of 956 | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe | iexplore.exe
  PID 1988 wrote to memory of 956 | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe | iexplore.exe
  PID 1988 wrote to memory of 956 | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe | iexplore.exe
  PID 1988 wrote to memory of 956 | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe | iexplore.exe
  PID 1988 wrote to memory of 956 | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe | iexplore.exe
  PID 1988 wrote to memory of 956 | 1988 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe | iexplore.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Command line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- memory/1988-54-0x00000000763E1000-0x00000000763E3000-memory.dmp
  Filesize: 8KB