87129abfc88787d86562d13e016a1a4662ad0c74a649be8f7722800cef23f36d

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-09-2022 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b38c61df6a227a6f87afb3f7be94e28b.exe
Size

863KB
MD5

b38c61df6a227a6f87afb3f7be94e28b
SHA1

dad142a9dc2d1b61146fc4d78b0883f95cfa1d3f
SHA256

87129abfc88787d86562d13e016a1a4662ad0c74a649be8f7722800cef23f36d
SHA512

2625aadd9b0cd8fa7134aa390694aad577a32f2dbec0dfba836350723e3f41d74b480c5f366a08cd4d876bf0965886a72507ca5bdba273b839b3a4ef4a087c8f
SSDEEP

12288:WPkJE0qpWGUqhHe1+P6XKu47lsIF4Q8vkc9ibVzWno3:O0cOQOkqI6QJbV4C

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

b38c61df6a227a6f87afb3f7be94e28b.exe

pid	process
1576	b38c61df6a227a6f87afb3f7be94e28b.exe
1576	b38c61df6a227a6f87afb3f7be94e28b.exe
1576	b38c61df6a227a6f87afb3f7be94e28b.exe
1576	b38c61df6a227a6f87afb3f7be94e28b.exe
1576	b38c61df6a227a6f87afb3f7be94e28b.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

b38c61df6a227a6f87afb3f7be94e28b.exe

description pid process

Token: SeDebugPrivilege 1576 b38c61df6a227a6f87afb3f7be94e28b.exe

description	pid	process
Token: SeDebugPrivilege	1576	b38c61df6a227a6f87afb3f7be94e28b.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

b38c61df6a227a6f87afb3f7be94e28b.exe

C:\Users\Admin\AppData\Local\Temp\b38c61df6a227a6f87afb3f7be94e28b.exe
"C:\Users\Admin\AppData\Local\Temp\b38c61df6a227a6f87afb3f7be94e28b.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1576

C:\Users\Admin\AppData\Local\Temp\b38c61df6a227a6f87afb3f7be94e28b.exe
"C:\Users\Admin\AppData\Local\Temp\b38c61df6a227a6f87afb3f7be94e28b.exe"
2⤵
PID:916

C:\Users\Admin\AppData\Local\Temp\b38c61df6a227a6f87afb3f7be94e28b.exe
"C:\Users\Admin\AppData\Local\Temp\b38c61df6a227a6f87afb3f7be94e28b.exe"
2⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\b38c61df6a227a6f87afb3f7be94e28b.exe
"C:\Users\Admin\AppData\Local\Temp\b38c61df6a227a6f87afb3f7be94e28b.exe"
2⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\b38c61df6a227a6f87afb3f7be94e28b.exe
"C:\Users\Admin\AppData\Local\Temp\b38c61df6a227a6f87afb3f7be94e28b.exe"
2⤵
PID:1396

C:\Users\Admin\AppData\Local\Temp\b38c61df6a227a6f87afb3f7be94e28b.exe
"C:\Users\Admin\AppData\Local\Temp\b38c61df6a227a6f87afb3f7be94e28b.exe"
2⤵
PID:1432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1576-54-0x00000000003D0000-0x00000000004AC000-memory.dmp

Filesize
880KB

Download
memory/1576-55-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/1576-56-0x00000000003C0000-0x00000000003D6000-memory.dmp

Filesize
88KB

Download
memory/1576-57-0x0000000000550000-0x000000000055C000-memory.dmp

Filesize
48KB

Download
memory/1576-58-0x0000000005EE0000-0x0000000005F74000-memory.dmp

Filesize
592KB

Download
memory/1576-59-0x0000000004AA0000-0x0000000004ADA000-memory.dmp

Filesize
232KB

Download

description	pid	process	target process
PID 1576 wrote to memory of 916	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 916	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 916	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 916	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 1784	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 1784	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 1784	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 1784	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 956	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 956	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 956	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 956	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 1396	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 1396	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 1396	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 1396	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 1432	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 1432	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 1432	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe
PID 1576 wrote to memory of 1432	1576	b38c61df6a227a6f87afb3f7be94e28b.exe	b38c61df6a227a6f87afb3f7be94e28b.exe