Analysis
max time kernel: 33s
max time network: 41s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 05/09/2022, 20:00
Behavioral task: behavioral1
Sample: 05SEPTENVv.exe
Resource: win7-20220812-en
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 05SEPTENVv.exe
Resource: win10v2004-20220812-en
2 signatures, 150 seconds
General
Target: 05SEPTENVv.exe
Size: 32KB
MD5: 2dd9a5a8e64c1f5864554d1d2203c4a4
SHA1: f43093cc758e83b6673505ef1faaf4ec2e4a8d57
SHA256: ff00a7414edad0eeb2ce1e7e9919e7a635a5c1621246e91c5bf9e51778156bb8
SHA512: 43a3c52b897af7f055bfb92cb2c781f0087ea5b5326cbf6b28df0411669493f07edd9e0e6056b4433f393c94a7b73ff856f58d2d3a9d55eda033028ddddee488
SSDEEP: 384:N0bUe5XB4e0XuOdTixBr/QdWT6tTUFQqzFWObbK:eT9ButdifrYnIbK
Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                          pid   Process
  Token: SeDebugPrivilege              1348  05SEPTENVv.exe
  Token: 33                            1348  05SEPTENVv.exe
  Token: SeIncBasePriorityPrivilege    1348  05SEPTENVv.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                          pid   Process         procid_target
  PID 1348 wrote to memory of 1796     1348  05SEPTENVv.exe  27
  PID 1348 wrote to memory of 1796     1348  05SEPTENVv.exe  27
  PID 1348 wrote to memory of 1796     1348  05SEPTENVv.exe  27
  PID 1348 wrote to memory of 1796     1348  05SEPTENVv.exe  27
Processes
- C:\Users\Admin\AppData\Local\Temp\05SEPTENVv.exe (depth 1, PID 1348)
  Command line: "C:\Users\Admin\AppData\Local\Temp\05SEPTENVv.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (depth 2, PID 1796)
    Command line: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\05SEPTENVv.exe"