b6ebe092221b9cb70949480fbc97133fa1e408c657150bb50c41171321b2fb73

Analysis

max time kernel
50s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12-09-2022 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ITEM DATA SHEET.exe
Size

1.2MB
MD5

c95b522710130a7d48a91a7adf58fbb4
SHA1

c8177c93f5a01434516f43bfb34b49c82b8a4a00
SHA256

b6ebe092221b9cb70949480fbc97133fa1e408c657150bb50c41171321b2fb73
SHA512

d7ac349ae55357c73db01780bec16712fe58dea44a75e792d99dd22766b06a5cbb0272c9a3752b3fb0de7c2354beb64e51bf241d2370749a1d48cff61a0f06ac
SSDEEP

12288:cx1goP2MRzbeykkXoposLC6/M698kgMhMk6jwv+rB/4vVWwPN:co85edLv/M698U6jI+rx4vVXP

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

ITEM DATA SHEET.exe

pid process

2012 ITEM DATA SHEET.exe
2012 ITEM DATA SHEET.exe
2012 ITEM DATA SHEET.exe
2012 ITEM DATA SHEET.exe
2012 ITEM DATA SHEET.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

ITEM DATA SHEET.exe

description pid process

Token: SeDebugPrivilege 2012 ITEM DATA SHEET.exe

pid	process
2012	ITEM DATA SHEET.exe
2012	ITEM DATA SHEET.exe
2012	ITEM DATA SHEET.exe
2012	ITEM DATA SHEET.exe
2012	ITEM DATA SHEET.exe

description	pid	process
Token: SeDebugPrivilege	2012	ITEM DATA SHEET.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

ITEM DATA SHEET.exe

description	pid	process	target process
PID 2012 wrote to memory of 1500	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1500	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1500	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1500	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1520	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1520	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1520	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1520	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1508	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1508	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1508	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1508	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1164	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1164	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1164	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1164	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1292	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1292	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1292	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe
PID 2012 wrote to memory of 1292	2012	ITEM DATA SHEET.exe	ITEM DATA SHEET.exe

C:\Users\Admin\AppData\Local\Temp\ITEM DATA SHEET.exe
"C:\Users\Admin\AppData\Local\Temp\ITEM DATA SHEET.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2012

C:\Users\Admin\AppData\Local\Temp\ITEM DATA SHEET.exe
"C:\Users\Admin\AppData\Local\Temp\ITEM DATA SHEET.exe"
2⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\ITEM DATA SHEET.exe
"C:\Users\Admin\AppData\Local\Temp\ITEM DATA SHEET.exe"
2⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\ITEM DATA SHEET.exe
"C:\Users\Admin\AppData\Local\Temp\ITEM DATA SHEET.exe"
2⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\ITEM DATA SHEET.exe
"C:\Users\Admin\AppData\Local\Temp\ITEM DATA SHEET.exe"
2⤵
PID:1164

C:\Users\Admin\AppData\Local\Temp\ITEM DATA SHEET.exe
"C:\Users\Admin\AppData\Local\Temp\ITEM DATA SHEET.exe"
2⤵
PID:1292

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-54-0x00000000002F0000-0x0000000000422000-memory.dmp

Filesize
1.2MB

Download
memory/2012-55-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download
memory/2012-56-0x0000000000640000-0x000000000065A000-memory.dmp

Filesize
104KB

Download
memory/2012-57-0x00000000006B0000-0x00000000006BC000-memory.dmp

Filesize
48KB

Download
memory/2012-58-0x0000000005880000-0x0000000005950000-memory.dmp

Filesize
832KB

Download
memory/2012-59-0x0000000004D20000-0x0000000004D9C000-memory.dmp

Filesize
496KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads