d6399f09ce6de3c04d085c2d65bbd5bd3995aaa60d050229272b1650e19a2e86

Analysis

max time kernel
44s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-10-2022 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8e4c2354988b253175f2d1eb6de9992.exe
Size

774KB
MD5

e8e4c2354988b253175f2d1eb6de9992
SHA1

0f6d973f344e92b9b7372f3d14bcbdedebdf37d9
SHA256

d6399f09ce6de3c04d085c2d65bbd5bd3995aaa60d050229272b1650e19a2e86
SHA512

d4effa3396399e141354a1953c034db2bb2c72f235bac0230b3e18a5ec3f9360a080b630dfc3025e4d279a7a57a6e79f17e35dfd3abcd9a2653282b74e611da9
SSDEEP

12288:6cAbD+/gRVxUCsjAHKtPLgkiHJ8XC0U4ZT9P/CYeI:8bD6DpMSWHJoUYlu

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

e8e4c2354988b253175f2d1eb6de9992.exe

pid	process
1784	e8e4c2354988b253175f2d1eb6de9992.exe
1784	e8e4c2354988b253175f2d1eb6de9992.exe
1784	e8e4c2354988b253175f2d1eb6de9992.exe
1784	e8e4c2354988b253175f2d1eb6de9992.exe
1784	e8e4c2354988b253175f2d1eb6de9992.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

e8e4c2354988b253175f2d1eb6de9992.exe

description pid process

Token: SeDebugPrivilege 1784 e8e4c2354988b253175f2d1eb6de9992.exe

description	pid	process
Token: SeDebugPrivilege	1784	e8e4c2354988b253175f2d1eb6de9992.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

e8e4c2354988b253175f2d1eb6de9992.exe

C:\Users\Admin\AppData\Local\Temp\e8e4c2354988b253175f2d1eb6de9992.exe
"C:\Users\Admin\AppData\Local\Temp\e8e4c2354988b253175f2d1eb6de9992.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1784

C:\Users\Admin\AppData\Local\Temp\e8e4c2354988b253175f2d1eb6de9992.exe
"C:\Users\Admin\AppData\Local\Temp\e8e4c2354988b253175f2d1eb6de9992.exe"
2⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\e8e4c2354988b253175f2d1eb6de9992.exe
"C:\Users\Admin\AppData\Local\Temp\e8e4c2354988b253175f2d1eb6de9992.exe"
2⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\e8e4c2354988b253175f2d1eb6de9992.exe
"C:\Users\Admin\AppData\Local\Temp\e8e4c2354988b253175f2d1eb6de9992.exe"
2⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\e8e4c2354988b253175f2d1eb6de9992.exe
"C:\Users\Admin\AppData\Local\Temp\e8e4c2354988b253175f2d1eb6de9992.exe"
2⤵
PID:852

C:\Users\Admin\AppData\Local\Temp\e8e4c2354988b253175f2d1eb6de9992.exe
"C:\Users\Admin\AppData\Local\Temp\e8e4c2354988b253175f2d1eb6de9992.exe"
2⤵
PID:1720

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1784-54-0x0000000000340000-0x0000000000408000-memory.dmp

Filesize
800KB

Download
memory/1784-55-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download
memory/1784-56-0x0000000000660000-0x0000000000674000-memory.dmp

Filesize
80KB

Download
memory/1784-57-0x0000000000680000-0x000000000068C000-memory.dmp

Filesize
48KB

Download
memory/1784-58-0x00000000053B0000-0x0000000005444000-memory.dmp

Filesize
592KB

Download
memory/1784-59-0x0000000001FC0000-0x0000000001FFA000-memory.dmp

Filesize
232KB

Download

description	pid	process	target process
PID 1784 wrote to memory of 1920	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1920	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1920	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1920	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1496	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1496	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1496	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1496	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1136	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1136	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1136	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1136	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 852	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 852	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 852	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 852	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1720	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1720	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1720	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe
PID 1784 wrote to memory of 1720	1784	e8e4c2354988b253175f2d1eb6de9992.exe	e8e4c2354988b253175f2d1eb6de9992.exe