2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-09-2022 08:24

Target

2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c.exe
Size

273KB
MD5

30b485a831a5dd28b3e6905fb7c93b17
SHA1

bdafaa2a215f83e7a934eb5f6a032623bc86b15c
SHA256

2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c
SHA512

252056db641cc2c62eb0e0bad6452cf8859f8876512006a2131d1bc2f9a67a45dc59dd85b6c22cab24433841ff4cea5327bead07040ef6fa3b0c1b5e6f5eb610
SSDEEP

6144:oTKGJ4pXPVreZyOZzh9CI4l4DlhZbsIHdo1qBAEft0z:gveXPV0ywPCIPhbo6AH

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
600	exploret.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 600 set thread context of 844	600	exploret.exe	28

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\exploret.exe	2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c.exe
File created	C:\Windows\exploret.exe	2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1996	2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c.exe
Token: SeDebugPrivilege	600	exploret.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 600 wrote to memory of 844	600	exploret.exe	28
PID 600 wrote to memory of 844	600	exploret.exe	28
PID 600 wrote to memory of 844	600	exploret.exe	28
PID 600 wrote to memory of 844	600	exploret.exe	28
PID 600 wrote to memory of 844	600	exploret.exe	28
PID 600 wrote to memory of 844	600	exploret.exe	28

C:\Windows\exploret.exe
C:\Windows\exploret.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:600
- C:\WINDOWS\SysWOW64\SvcHost.eXe
  C:\WINDOWS\system32\SvcHost.eXe
  2⤵
  PID:844

C:\Windows\exploret.exe

Filesize
273KB

MD5
30b485a831a5dd28b3e6905fb7c93b17

SHA1
bdafaa2a215f83e7a934eb5f6a032623bc86b15c

SHA256
2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c

SHA512
252056db641cc2c62eb0e0bad6452cf8859f8876512006a2131d1bc2f9a67a45dc59dd85b6c22cab24433841ff4cea5327bead07040ef6fa3b0c1b5e6f5eb610

Download Submit
C:\Windows\exploret.exe

Filesize
273KB

MD5
30b485a831a5dd28b3e6905fb7c93b17

SHA1
bdafaa2a215f83e7a934eb5f6a032623bc86b15c

SHA256
2ec4651c25eae0394a347ad3dc16c5c9647e13c624969392001e424ddf0a9a7c

SHA512
252056db641cc2c62eb0e0bad6452cf8859f8876512006a2131d1bc2f9a67a45dc59dd85b6c22cab24433841ff4cea5327bead07040ef6fa3b0c1b5e6f5eb610

Download Submit
memory/600-65-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download
memory/844-61-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download
memory/844-63-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download
memory/844-64-0x00000000004C6FC4-mapping.dmp

Download
memory/1996-54-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download
memory/1996-55-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download
memory/1996-56-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download