2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1

Analysis

max time kernel
135s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 14:01

Target

2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe
Size

74KB
MD5

6dc5af0ec5426068bff6aae8d031b7b0
SHA1

63fff3c75a9cefeda4bae04a4802dcf878eb1bcf
SHA256

2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1
SHA512

18f2adab972e2a5edb9d5c4ad47f0487292a4e814b76abd2f428ca3e4f04a278fc940722da08a750e217669de2d97c8b51df66858ef5d0bd87d6758bfc2f4406
SSDEEP

1536:lN+qiNENj73QHZNnNU3lEsw46zr4m8PGE+JuVMdUOe5OQvkB7h3TZCoEHFa:lNYNENj73QHZNnNU3lEsw46zr4m8PGXO

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4212	2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 5016	4212	2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe	83
PID 4212 wrote to memory of 5016	4212	2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe	83
PID 4212 wrote to memory of 5016	4212	2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe	83
PID 4212 wrote to memory of 4204	4212	2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe	82
PID 4212 wrote to memory of 4204	4212	2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe	82
PID 4212 wrote to memory of 4204	4212	2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe	82

C:\Users\Admin\AppData\Local\Temp\2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe
"C:\Users\Admin\AppData\Local\Temp\2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Users\Admin\AppData\Local\Temp\2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe
  2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe
  2⤵
  PID:4204
- C:\Users\Admin\AppData\Local\Temp\2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe
  2401a7c8079b70eef26f42926b98412daa0b5e3a5a7e06512f074f5cfedec1e1.exe
  2⤵
  PID:5016

memory/4212-133-0x0000000075510000-0x0000000075AC1000-memory.dmp

Filesize
5.7MB

Download