Analysis

max time kernel: 45s
max time network: 48s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 18-09-2022 03:06

Static task: static1
Behavioral task: behavioral1
Sample: 6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501.exe
Resource: win7-20220812-en
Signatures: 3
Run time: 150 seconds
General

Target: 6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501.exe
Size: 288KB
MD5: b8b284b3a4e835f5b3785b9ffe794e9d
SHA1: 448bb364b3713aa4cad2637eedf008ad4ba1f05c
SHA256: 6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501
SHA512: 9a111fcc66fed623ffbf743649b5a5ec00d6365d7d2afe0ae32d8bfd66b075d4a4e74b25b4d9ff0e14e8a9ea4c5dc206e24af0002ee9130168b9a8708b84b6ea
SSDEEP: 6144:HyPgfiscyrkdbMjgFP9lpYQKe/YC0R2nBtH6KZyxHro6aRtzG:SPgacw5MjmsQdYC0iIK4xHs6aRt6
Score: 1/10
Malware Config
Signatures

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes (pid / process):
  2020 / 6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501.exe (10 identical entries)

- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes (description / pid / process):
  Token: SeDebugPrivilege / 2020 / 6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501.exe

- Suspicious use of WriteProcessMemory (20 IoCs)
  Processes (description / pid / process / target process):
  PID 2020 wrote to memory of 1916 / 2020 / 6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501.exe / cvtres.exe (4 entries)
  PID 2020 wrote to memory of 1252 / 2020 / 6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501.exe / cvtres.exe (4 entries)
  PID 2020 wrote to memory of 1396 / 2020 / 6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501.exe / cvtres.exe (4 entries)
  PID 2020 wrote to memory of 1700 / 2020 / 6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501.exe / cvtres.exe (4 entries)
  PID 2020 wrote to memory of 1696 / 2020 / 6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501.exe / cvtres.exe (4 entries)
Processes

- C:\Users\Admin\AppData\Local\Temp\6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\6c2afb194cebad7f9babba679528aea18b3c7754a9a6e602b91d80353aedd501.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"