9882c7180787d5a337eec43f8988effe4e01cc2705a70e0f431da1bbe8cb719b

Analysis

max time kernel
60s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-09-2022 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8953f8e2562cd7da70239e9725245c82.exe
Size

882KB
MD5

8953f8e2562cd7da70239e9725245c82
SHA1

8e3e21be1c2d04c40f07a0cd9530581f036ec553
SHA256

9882c7180787d5a337eec43f8988effe4e01cc2705a70e0f431da1bbe8cb719b
SHA512

d67ef7b69bd8b4ac5b8a4277cb5bee09ed916503b204d62b549e1ee806a4d13e4ed4be7634c00378ccc6af65cc00a4bfa7983e16aedb65cfd193e945b725fa16
SSDEEP

12288:nFnvw0OPVk0RtsE4rNiLytjadiZe/+3SG+Sf5xvPeSiI4Uz:Rw320VTL4ciZBZxHeSdT

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1636	8953f8e2562cd7da70239e9725245c82.exe
1636	8953f8e2562cd7da70239e9725245c82.exe
1636	8953f8e2562cd7da70239e9725245c82.exe
1636	8953f8e2562cd7da70239e9725245c82.exe
1636	8953f8e2562cd7da70239e9725245c82.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1636	8953f8e2562cd7da70239e9725245c82.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 1328	1636	8953f8e2562cd7da70239e9725245c82.exe	27
PID 1636 wrote to memory of 1328	1636	8953f8e2562cd7da70239e9725245c82.exe	27
PID 1636 wrote to memory of 1328	1636	8953f8e2562cd7da70239e9725245c82.exe	27
PID 1636 wrote to memory of 1328	1636	8953f8e2562cd7da70239e9725245c82.exe	27
PID 1636 wrote to memory of 840	1636	8953f8e2562cd7da70239e9725245c82.exe	28
PID 1636 wrote to memory of 840	1636	8953f8e2562cd7da70239e9725245c82.exe	28
PID 1636 wrote to memory of 840	1636	8953f8e2562cd7da70239e9725245c82.exe	28
PID 1636 wrote to memory of 840	1636	8953f8e2562cd7da70239e9725245c82.exe	28
PID 1636 wrote to memory of 1240	1636	8953f8e2562cd7da70239e9725245c82.exe	29
PID 1636 wrote to memory of 1240	1636	8953f8e2562cd7da70239e9725245c82.exe	29
PID 1636 wrote to memory of 1240	1636	8953f8e2562cd7da70239e9725245c82.exe	29
PID 1636 wrote to memory of 1240	1636	8953f8e2562cd7da70239e9725245c82.exe	29
PID 1636 wrote to memory of 1392	1636	8953f8e2562cd7da70239e9725245c82.exe	30
PID 1636 wrote to memory of 1392	1636	8953f8e2562cd7da70239e9725245c82.exe	30
PID 1636 wrote to memory of 1392	1636	8953f8e2562cd7da70239e9725245c82.exe	30
PID 1636 wrote to memory of 1392	1636	8953f8e2562cd7da70239e9725245c82.exe	30
PID 1636 wrote to memory of 1452	1636	8953f8e2562cd7da70239e9725245c82.exe	31
PID 1636 wrote to memory of 1452	1636	8953f8e2562cd7da70239e9725245c82.exe	31
PID 1636 wrote to memory of 1452	1636	8953f8e2562cd7da70239e9725245c82.exe	31
PID 1636 wrote to memory of 1452	1636	8953f8e2562cd7da70239e9725245c82.exe	31

C:\Users\Admin\AppData\Local\Temp\8953f8e2562cd7da70239e9725245c82.exe
"C:\Users\Admin\AppData\Local\Temp\8953f8e2562cd7da70239e9725245c82.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Users\Admin\AppData\Local\Temp\8953f8e2562cd7da70239e9725245c82.exe
  "C:\Users\Admin\AppData\Local\Temp\8953f8e2562cd7da70239e9725245c82.exe"
  2⤵
  PID:1328
- C:\Users\Admin\AppData\Local\Temp\8953f8e2562cd7da70239e9725245c82.exe
  "C:\Users\Admin\AppData\Local\Temp\8953f8e2562cd7da70239e9725245c82.exe"
  2⤵
  PID:840
- C:\Users\Admin\AppData\Local\Temp\8953f8e2562cd7da70239e9725245c82.exe
  "C:\Users\Admin\AppData\Local\Temp\8953f8e2562cd7da70239e9725245c82.exe"
  2⤵
  PID:1240
- C:\Users\Admin\AppData\Local\Temp\8953f8e2562cd7da70239e9725245c82.exe
  "C:\Users\Admin\AppData\Local\Temp\8953f8e2562cd7da70239e9725245c82.exe"
  2⤵
  PID:1392
- C:\Users\Admin\AppData\Local\Temp\8953f8e2562cd7da70239e9725245c82.exe
  "C:\Users\Admin\AppData\Local\Temp\8953f8e2562cd7da70239e9725245c82.exe"
  2⤵
  PID:1452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1636-54-0x0000000000360000-0x0000000000442000-memory.dmp

Filesize
904KB

Download
memory/1636-55-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download
memory/1636-56-0x0000000000350000-0x0000000000366000-memory.dmp

Filesize
88KB

Download
memory/1636-57-0x0000000000490000-0x000000000049C000-memory.dmp

Filesize
48KB

Download
memory/1636-58-0x0000000005D90000-0x0000000005E24000-memory.dmp

Filesize
592KB

Download
memory/1636-59-0x0000000002190000-0x00000000021CA000-memory.dmp

Filesize
232KB

Download