eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96

Analysis

max time kernel
97s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2022 23:23

Target

eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96.exe
Size

246KB
MD5

66a37d7b13902048a7b947785c990910
SHA1

c845c1c9ba6e5d07404600e2e2f1b674f5e9e485
SHA256

eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96
SHA512

759b9a3ca40fd89140285dbc32b25b56d9ffa1c64adbf240e5b175dc0e9b0c26ff4ff6bffe397c31e8cefa38c0cc93b2c818ee2a23898dad5a8dba52baeaab30
SSDEEP

6144:jfMrmQ0hVh5kIr06t5J2wiAksaDlRCDeu3OmDv5r9S4vPMHie3Fg1SAuK1:gqr0IJJzdahRCau3lvd3MzWG

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2572	eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 208	2572	eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96.exe	85
PID 2572 wrote to memory of 208	2572	eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96.exe	85
PID 2572 wrote to memory of 208	2572	eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96.exe	85

C:\Users\Admin\AppData\Local\Temp\eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96.exe
"C:\Users\Admin\AppData\Local\Temp\eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Users\Admin\AppData\Local\Temp\eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96.exe
  C:\Users\Admin\AppData\Local\Temp\eb34997850c70a4d8e8a9eb0fee3e04b6bdc7aec72cdf6df0f3d63842d736a96.exe
  2⤵
  PID:208

memory/2572-132-0x0000000000A80000-0x0000000000AC4000-memory.dmp

Filesize
272KB

Download
memory/2572-133-0x0000000005930000-0x0000000005ED4000-memory.dmp

Filesize
5.6MB

Download
memory/2572-134-0x0000000005470000-0x0000000005502000-memory.dmp

Filesize
584KB

Download
memory/2572-135-0x0000000005510000-0x000000000551A000-memory.dmp

Filesize
40KB

Download
memory/2572-136-0x00000000079F0000-0x0000000007A8C000-memory.dmp

Filesize
624KB

Download