5e6ca13143ba73ac8595785c5741f5da0505c0155140d63852aa6d1e74fc081f

Resubmissions

15-09-2022 17:54

15-09-2022 17:52

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
15-09-2022 17:54

Target

sample catalog2022.exe
Size

288KB
MD5

f0e10bf42bfb76de46b122a9ab381e1f
SHA1

510a22752b3624bb71ab9c198c876b13cd6be9e1
SHA256

5e6ca13143ba73ac8595785c5741f5da0505c0155140d63852aa6d1e74fc081f
SHA512

f6e5ce2530615213a69cc1494667aed3e6b01321aba02c75c4cbb126ef130e8deb1ddd3c23fe73d2de2009dd75dd6c288ee935df1b4471249d5c04e68ae52790
SSDEEP

6144:JH/k7Gstb+5NcvahAKNRqF3hfvAoKqS8bZufRuV8vfBG:Jfkvw5mahbPqnQWv8vfc

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

sample catalog2022.exe

pid process

1696 sample catalog2022.exe
1696 sample catalog2022.exe
1696 sample catalog2022.exe
1696 sample catalog2022.exe
1696 sample catalog2022.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

sample catalog2022.exe

description pid process

Token: SeDebugPrivilege 1696 sample catalog2022.exe

description	pid	process
Token: SeDebugPrivilege	1696	sample catalog2022.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

sample catalog2022.exe

description	pid	process	target process
PID 1696 wrote to memory of 1992	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 1992	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 1992	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 1992	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 1160	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 1160	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 1160	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 1160	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 544	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 544	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 544	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 544	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 1124	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 1124	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 1124	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 1124	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 976	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 976	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 976	1696	sample catalog2022.exe	cvtres.exe
PID 1696 wrote to memory of 976	1696	sample catalog2022.exe	cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
2⤵
PID:1992

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
2⤵
PID:1160

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
2⤵
PID:1124

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
2⤵
PID:544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
2⤵
PID:976

memory/1696-54-0x0000000001020000-0x000000000106E000-memory.dmp

Filesize
312KB

Download
memory/1696-55-0x0000000000240000-0x000000000024C000-memory.dmp

Filesize
48KB

Download
memory/1696-56-0x0000000000250000-0x0000000000258000-memory.dmp

Filesize
32KB

Download