Analysis

max time kernel: 154s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-07-2022 00:14
Behavioral task: behavioral1
Sample: addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Resource: win7-20220715-en (windows7-x64)
5 signatures, 150 seconds
General

Target: addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Size: 756KB
MD5: d6039d4e775e33fda4b9b8af49b70e26
SHA1: 60a5912dfbb7262b5c6a92f8d2f0994dbc3e3ab1
SHA256: addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75
SHA512: 399b0a887506ca95f909f5f5f9cefd5756646a4261d630beaf327dfc424850d49e2532942ca2b2b10355f955b400ebf8a38ae0074efb655b544671e02029d772
Malware Config
Signatures

Suspicious use of SetThreadContext (1 IoCs)
Processes:
description | pid | process | target process
PID 3568 set thread context of 2080 | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe | iexplore.exe
Suspicious use of AdjustPrivilegeToken (48 IoCs)
Processes:
description | pid | process
Token: SeIncreaseQuotaPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeSecurityPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeTakeOwnershipPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeLoadDriverPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeSystemProfilePrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeSystemtimePrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeProfSingleProcessPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeIncBasePriorityPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeCreatePagefilePrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeBackupPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeRestorePrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeShutdownPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeDebugPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeSystemEnvironmentPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeChangeNotifyPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeRemoteShutdownPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeUndockPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeManageVolumePrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeImpersonatePrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeCreateGlobalPrivilege | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: 33 | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: 34 | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: 35 | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: 36 | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeIncreaseQuotaPrivilege | 2080 | iexplore.exe
Token: SeSecurityPrivilege | 2080 | iexplore.exe
Token: SeTakeOwnershipPrivilege | 2080 | iexplore.exe
Token: SeLoadDriverPrivilege | 2080 | iexplore.exe
Token: SeSystemProfilePrivilege | 2080 | iexplore.exe
Token: SeSystemtimePrivilege | 2080 | iexplore.exe
Token: SeProfSingleProcessPrivilege | 2080 | iexplore.exe
Token: SeIncBasePriorityPrivilege | 2080 | iexplore.exe
Token: SeCreatePagefilePrivilege | 2080 | iexplore.exe
Token: SeBackupPrivilege | 2080 | iexplore.exe
Token: SeRestorePrivilege | 2080 | iexplore.exe
Token: SeShutdownPrivilege | 2080 | iexplore.exe
Token: SeDebugPrivilege | 2080 | iexplore.exe
Token: SeSystemEnvironmentPrivilege | 2080 | iexplore.exe
Token: SeChangeNotifyPrivilege | 2080 | iexplore.exe
Token: SeRemoteShutdownPrivilege | 2080 | iexplore.exe
Token: SeUndockPrivilege | 2080 | iexplore.exe
Token: SeManageVolumePrivilege | 2080 | iexplore.exe
Token: SeImpersonatePrivilege | 2080 | iexplore.exe
Token: SeCreateGlobalPrivilege | 2080 | iexplore.exe
Token: 33 | 2080 | iexplore.exe
Token: 34 | 2080 | iexplore.exe
Token: 35 | 2080 | iexplore.exe
Token: 36 | 2080 | iexplore.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
pid | process
2080 | iexplore.exe
Suspicious use of WriteProcessMemory (5 IoCs)
Processes:
description | pid | process | target process
PID 3568 wrote to memory of 2080 | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe | iexplore.exe
PID 3568 wrote to memory of 2080 | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe | iexplore.exe
PID 3568 wrote to memory of 2080 | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe | iexplore.exe
PID 3568 wrote to memory of 2080 | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe | iexplore.exe
PID 3568 wrote to memory of 2080 | 3568 | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe | iexplore.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
   "C:\Users\Admin\AppData\Local\Temp\addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe"
   - Suspicious use of SetThreadContext
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of SetWindowsHookEx