Analysis

max time kernel: 137s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/09/2022, 20:00
Behavioral task: behavioral1
Sample: 05SEPTENVv.exe
Resource: win7-20220812-en
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 05SEPTENVv.exe
Resource: win10v2004-20220812-en
2 signatures, 150 seconds
General

Target: 05SEPTENVv.exe
Size: 32KB
MD5: 2dd9a5a8e64c1f5864554d1d2203c4a4
SHA1: f43093cc758e83b6673505ef1faaf4ec2e4a8d57
SHA256: ff00a7414edad0eeb2ce1e7e9919e7a635a5c1621246e91c5bf9e51778156bb8
SHA512: 43a3c52b897af7f055bfb92cb2c781f0087ea5b5326cbf6b28df0411669493f07edd9e0e6056b4433f393c94a7b73ff856f58d2d3a9d55eda033028ddddee488
SSDEEP: 384:N0bUe5XB4e0XuOdTixBr/QdWT6tTUFQqzFWObbK:eT9ButdifrYnIbK
Score: 1/10

The score only reflects the two generic signatures that fired inside the analysis window; it is not a benign verdict. A sample that enables SeDebugPrivilege and then removes its own executable from disk warrants a manual look.
Malware Config

No configuration was extracted for this sample.
Signatures

Suspicious use of AdjustPrivilegeToken (3 IoCs)

description | pid | Process
Token: SeDebugPrivilege | 2976 | 05SEPTENVv.exe
Token: 33 (printed as the raw LUID; LUID 33 is SeIncreaseWorkingSetPrivilege) | 2976 | 05SEPTENVv.exe
Token: SeIncBasePriorityPrivilege | 2976 | 05SEPTENVv.exe

Suspicious use of WriteProcessMemory (3 IoCs)

description | pid | Process | procid_target
PID 2976 wrote to memory of 4840 | 2976 | 05SEPTENVv.exe | 89
PID 2976 wrote to memory of 4840 | 2976 | 05SEPTENVv.exe | 89
PID 2976 wrote to memory of 4840 | 2976 | 05SEPTENVv.exe | 89
Processes

1. C:\Users\Admin\AppData\Local\Temp\05SEPTENVv.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\05SEPTENVv.exe"
   PID: 2976
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\cmd.exe (child of PID 2976)
      command line: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\05SEPTENVv.exe"
      PID: 4840

The child cmd.exe is the only process the sample spawned, and its command line deletes the parent's own image file from disk: self-deletion once the sample has finished whatever it did. PID 4840 is also the target of the three WriteProcessMemory events recorded for 2976. The child runs from SysWOW64, i.e. it is the 32-bit cmd.exe, which is what a 32-bit parent gets on x64 through file system redirection and is consistent with the arch:x86 resource tag. In an incident the original file will be gone from %TEMP%; recover it from the sandbox artifacts or from prefetch, USN journal or EDR file-event telemetry rather than from the host.
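The two behaviours above (a cmd.exe child deleting its parent's image, and a process that enabled SeDebugPrivilege and then wrote into another process) are easy to turn into automated triage checks over process-tree and signature events. The script below is an added example, not part of the sandbox report or its export format: the event records are constructed from the report's "Processes" and "Signatures" sections, and the record field names (pid, ppid, image, cmdline) are this script's own assumption.

```python
"""Triage checks for the behaviours in the report: self-deletion via a child
cmd.exe, and SeDebugPrivilege enablement followed by WriteProcessMemory.

Event records are CONSTRUCTED from the report's process tree and signature
rows; the field names are an assumption of this script, not the sandbox's
export schema."""
import re
from collections import defaultdict

# Constructed from the "Processes" section of the report.
PROCESSES = [
    {"pid": 2976, "ppid": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\05SEPTENVv.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\05SEPTENVv.exe"'},
    {"pid": 4840, "ppid": 2976,
     "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\05SEPTENVv.exe"'},
]
# Constructed from the AdjustPrivilegeToken rows: (pid, privilege as printed).
TOKEN_EVENTS = [(2976, "SeDebugPrivilege"), (2976, "33"), (2976, "SeIncBasePriorityPrivilege")]
# Constructed from the WriteProcessMemory rows: (source pid, target pid).
WPM_EVENTS = [(2976, 4840), (2976, 4840), (2976, 4840)]

# Well-known privilege LUIDs that sandboxes sometimes print as bare numbers.
PRIV_LUIDS = {"14": "SeIncreaseBasePriorityPrivilege",
              "20": "SeDebugPrivilege",
              "33": "SeIncreaseWorkingSetPrivilege"}

# "del" or "erase", optional single-letter switches, then a quoted or bare path.
DEL_RE = re.compile(r'\b(?:del|erase)\s+(?:/[a-z]\s+)*(?:"([^"]+)"|(\S+))', re.IGNORECASE)


def normalize_priv(name):
    """Map a bare LUID string to its privilege name; pass real names through."""
    return PRIV_LUIDS.get(name, name)


def find_self_delete(processes):
    """Return (parent_pid, child_pid, path) for every cmd.exe child whose
    command line deletes its parent's own image file."""
    by_pid = {p["pid"]: p for p in processes}
    hits = []
    for proc in processes:
        parent = by_pid.get(proc["ppid"])
        if parent is None or not proc["image"].lower().endswith(r"\cmd.exe"):
            continue
        for m in DEL_RE.finditer(proc["cmdline"]):
            target = m.group(1) or m.group(2)
            if target.lower() == parent["image"].lower():
                hits.append((parent["pid"], proc["pid"], target))
    return hits


def find_debug_priv_writers(token_events, wpm_events):
    """Return {pid: set(target pids)} for processes that enabled
    SeDebugPrivilege and then wrote into a different process's memory."""
    debug = {pid for pid, priv in token_events
             if normalize_priv(priv) == "SeDebugPrivilege"}
    targets = defaultdict(set)
    for src, dst in wpm_events:
        if src in debug and src != dst:
            targets[src].add(dst)
    return dict(targets)


if __name__ == "__main__":
    for parent, child, path in find_self_delete(PROCESSES):
        print(f"self-delete: pid {child} (child of {parent}) deletes {path}")
    for pid, dsts in find_debug_priv_writers(TOKEN_EVENTS, WPM_EVENTS).items():
        print(f"pid {pid} enabled SeDebugPrivilege and wrote to {sorted(dsts)}")
```

The self-delete check keys on the parent's image path rather than on the `cmd.exe /C ... & Del` shape, so it also catches the same technique when the delay prefix differs; the privilege check normalizes bare LUIDs first so a row printed as `Token: 20` is not missed.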