db8326300154e132bca39bb24e89949dbe41c9af90d9f10242dce3f9423ab094

Analysis

max time kernel
56s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
17-09-2022 06:30

Target

Ekstre_01.pdf.exe
Size

916KB
MD5

c6422b30084f0068a6fd540dbda8cbcb
SHA1

1fb25b337715fbb29fddc855db7abddd8083f298
SHA256

db8326300154e132bca39bb24e89949dbe41c9af90d9f10242dce3f9423ab094
SHA512

2e4d09af79d7b83445a70d57e3ec450e1969440525d5de8323a279bfb3637c45775f9459f267bf938dcc4f1d6b30026b85a9d4b16e8c36f3d8e197c5e8031737
SSDEEP

12288:a4wY3xGuC8aMnNAXh0mHotTm6VOs85iORdmFrVe9RpMxnsnYFofQU:a4wGGFti6StOtiOgVK62g6QU

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1996	Ekstre_01.pdf.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1540	1996	Ekstre_01.pdf.exe	28
PID 1996 wrote to memory of 1540	1996	Ekstre_01.pdf.exe	28
PID 1996 wrote to memory of 1540	1996	Ekstre_01.pdf.exe	28
PID 1996 wrote to memory of 1540	1996	Ekstre_01.pdf.exe	28
PID 1996 wrote to memory of 1656	1996	Ekstre_01.pdf.exe	29
PID 1996 wrote to memory of 1656	1996	Ekstre_01.pdf.exe	29
PID 1996 wrote to memory of 1656	1996	Ekstre_01.pdf.exe	29
PID 1996 wrote to memory of 1656	1996	Ekstre_01.pdf.exe	29
PID 1996 wrote to memory of 848	1996	Ekstre_01.pdf.exe	30
PID 1996 wrote to memory of 848	1996	Ekstre_01.pdf.exe	30
PID 1996 wrote to memory of 848	1996	Ekstre_01.pdf.exe	30
PID 1996 wrote to memory of 848	1996	Ekstre_01.pdf.exe	30
PID 1996 wrote to memory of 820	1996	Ekstre_01.pdf.exe	31
PID 1996 wrote to memory of 820	1996	Ekstre_01.pdf.exe	31
PID 1996 wrote to memory of 820	1996	Ekstre_01.pdf.exe	31
PID 1996 wrote to memory of 820	1996	Ekstre_01.pdf.exe	31
PID 1996 wrote to memory of 1444	1996	Ekstre_01.pdf.exe	32
PID 1996 wrote to memory of 1444	1996	Ekstre_01.pdf.exe	32
PID 1996 wrote to memory of 1444	1996	Ekstre_01.pdf.exe	32
PID 1996 wrote to memory of 1444	1996	Ekstre_01.pdf.exe	32

C:\Users\Admin\AppData\Local\Temp\Ekstre_01.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\Ekstre_01.pdf.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Local\Temp\Ekstre_01.pdf.exe
  "C:\Users\Admin\AppData\Local\Temp\Ekstre_01.pdf.exe"
  2⤵
  PID:1540
- C:\Users\Admin\AppData\Local\Temp\Ekstre_01.pdf.exe
  "C:\Users\Admin\AppData\Local\Temp\Ekstre_01.pdf.exe"
  2⤵
  PID:1656
- C:\Users\Admin\AppData\Local\Temp\Ekstre_01.pdf.exe
  "C:\Users\Admin\AppData\Local\Temp\Ekstre_01.pdf.exe"
  2⤵
  PID:848
- C:\Users\Admin\AppData\Local\Temp\Ekstre_01.pdf.exe
  "C:\Users\Admin\AppData\Local\Temp\Ekstre_01.pdf.exe"
  2⤵
  PID:820
- C:\Users\Admin\AppData\Local\Temp\Ekstre_01.pdf.exe
  "C:\Users\Admin\AppData\Local\Temp\Ekstre_01.pdf.exe"
  2⤵
  PID:1444

memory/1996-54-0x00000000003A0000-0x000000000048C000-memory.dmp

Filesize
944KB

Download
memory/1996-55-0x0000000075281000-0x0000000075283000-memory.dmp

Filesize
8KB

Download
memory/1996-56-0x0000000000230000-0x0000000000246000-memory.dmp

Filesize
88KB

Download
memory/1996-57-0x0000000000570000-0x000000000057C000-memory.dmp

Filesize
48KB

Download
memory/1996-58-0x0000000007E40000-0x0000000007EC0000-memory.dmp

Filesize
512KB

Download
memory/1996-59-0x00000000006D0000-0x00000000006F8000-memory.dmp

Filesize
160KB

Download