4691e86098f4a2fe6ed76c46dc7584ae25d9396b06427a47a00ce1156d38f12b

Analysis

max time kernel
50s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-09-2022 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a325dde02cad3ca42c87d9165479fc4.exe
Size

4.5MB
MD5

8a325dde02cad3ca42c87d9165479fc4
SHA1

168ade6695c2ab546d750cb9a7a8026f239b016d
SHA256

4691e86098f4a2fe6ed76c46dc7584ae25d9396b06427a47a00ce1156d38f12b
SHA512

cef03ddb55d77676ffb17a4e6b2650e2be5cd1fd152f0f6baa7c83d97da95a1222c0677d13720659ab4df045ff0098bdca7cb1dd3300ee76f26df641d960da8f
SSDEEP

98304:IW7B8cRkSx2gl6VU0dTlxmgURaFhjEKI0UnUB7bN2:IM8O2X9dJ4gUQXnIdyb

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

8a325dde02cad3ca42c87d9165479fc4.exe

pid	process
1384	8a325dde02cad3ca42c87d9165479fc4.exe
1384	8a325dde02cad3ca42c87d9165479fc4.exe
1384	8a325dde02cad3ca42c87d9165479fc4.exe
1384	8a325dde02cad3ca42c87d9165479fc4.exe
1384	8a325dde02cad3ca42c87d9165479fc4.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

8a325dde02cad3ca42c87d9165479fc4.exe

description pid process

Token: SeDebugPrivilege 1384 8a325dde02cad3ca42c87d9165479fc4.exe

description	pid	process
Token: SeDebugPrivilege	1384	8a325dde02cad3ca42c87d9165479fc4.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

8a325dde02cad3ca42c87d9165479fc4.exe

C:\Users\Admin\AppData\Local\Temp\8a325dde02cad3ca42c87d9165479fc4.exe
"C:\Users\Admin\AppData\Local\Temp\8a325dde02cad3ca42c87d9165479fc4.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1384

C:\Users\Admin\AppData\Local\Temp\8a325dde02cad3ca42c87d9165479fc4.exe
"C:\Users\Admin\AppData\Local\Temp\8a325dde02cad3ca42c87d9165479fc4.exe"
2⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\8a325dde02cad3ca42c87d9165479fc4.exe
"C:\Users\Admin\AppData\Local\Temp\8a325dde02cad3ca42c87d9165479fc4.exe"
2⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\8a325dde02cad3ca42c87d9165479fc4.exe
"C:\Users\Admin\AppData\Local\Temp\8a325dde02cad3ca42c87d9165479fc4.exe"
2⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\8a325dde02cad3ca42c87d9165479fc4.exe
"C:\Users\Admin\AppData\Local\Temp\8a325dde02cad3ca42c87d9165479fc4.exe"
2⤵
PID:852

C:\Users\Admin\AppData\Local\Temp\8a325dde02cad3ca42c87d9165479fc4.exe
"C:\Users\Admin\AppData\Local\Temp\8a325dde02cad3ca42c87d9165479fc4.exe"
2⤵
PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1384-54-0x00000000002C0000-0x000000000074C000-memory.dmp

Filesize
4.5MB

Download
memory/1384-55-0x0000000076701000-0x0000000076703000-memory.dmp

Filesize
8KB

Download
memory/1384-56-0x0000000000910000-0x0000000000924000-memory.dmp

Filesize
80KB

Download
memory/1384-57-0x0000000000920000-0x000000000092C000-memory.dmp

Filesize
48KB

Download
memory/1384-58-0x0000000009F70000-0x000000000A39C000-memory.dmp

Filesize
4.2MB

Download
memory/1384-59-0x000000000B7D0000-0x000000000BBCE000-memory.dmp

Filesize
4.0MB

Download

description	pid	process	target process
PID 1384 wrote to memory of 1616	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 1616	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 1616	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 1616	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 1604	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 1604	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 1604	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 1604	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 948	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 948	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 948	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 948	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 852	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 852	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 852	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 852	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 1576	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 1576	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 1576	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe
PID 1384 wrote to memory of 1576	1384	8a325dde02cad3ca42c87d9165479fc4.exe	8a325dde02cad3ca42c87d9165479fc4.exe