453eebd2dcf98e15e9ccab2c706438a9d34497631db1f64b6fe9cc3ed41696da

Analysis

max time kernel
150s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-10-2022 11:16

Target

builder.exe
Size

470KB
MD5

8c689dc9e82c9356b990d2b67b4943e1
SHA1

6bdc415b9c356bbeaea75c7336cd72910b95a644
SHA256

e8e2deb0a83aebb1e2cc14846bc71715343372103f279d2d1622e383fb26d6ef
SHA512

fb38a79dbcebde149736d5e1ca37dc15d274838be304d3f86e992d610b50c31d7fe4c30f6697c890f3753443af16eab712aef3f8da88d76ed00790083deb51e4
SSDEEP

12288:7tDkI5O/1MHOvEIfRfaXNCTL98vy7anEvY86vM1kiY4XotXpEKAoiO5wBmrkAUfM:7tQcOdu4BcCTL98vy7anEvY86vM1kiYt

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
888	taskmgr.exe
888	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	888	taskmgr.exe

Suspicious use of FindShellTrayWindow 14 IoCs

Suspicious use of SendNotifyMessage 14 IoCs

C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
1⤵
PID:1504

memory/888-55-0x000007FEFC141000-0x000007FEFC143000-memory.dmp

Filesize
8KB

Download
memory/1504-54-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download