fa91bd71ccdae9330dcb6e4c8781747a4af458fe685b2cfe122be38bbc8b4d2a

Analysis

max time kernel
58s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/10/2022, 08:02

Target

AWB 876509873456.exe
Size

864KB
MD5

95447d9b7ba05236161f0cf16a613191
SHA1

b0e54f1573bd15b0782582496fc7c18292d3f1b1
SHA256

e46b29e73da9b6301763e29451926153ee4390538e3253b7b9db85f915be8f98
SHA512

77b0ac92b76b886d13a12ee680d0d75139b98d8ceae34f2cc0af05fc2f4029ef458100cfc878fb9a95249dac999d88272883399fff35d1504c80d60d7eda546b
SSDEEP

12288:GH5agfyR/4ve9/1X3TBfWTqlaAeUQzK0S8wyTR:QQ4ve9/1HVfoqlaQQzK0o8R

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2036	AWB 876509873456.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 944	2036	AWB 876509873456.exe	26
PID 2036 wrote to memory of 944	2036	AWB 876509873456.exe	26
PID 2036 wrote to memory of 944	2036	AWB 876509873456.exe	26
PID 2036 wrote to memory of 944	2036	AWB 876509873456.exe	26
PID 2036 wrote to memory of 976	2036	AWB 876509873456.exe	27
PID 2036 wrote to memory of 976	2036	AWB 876509873456.exe	27
PID 2036 wrote to memory of 976	2036	AWB 876509873456.exe	27
PID 2036 wrote to memory of 976	2036	AWB 876509873456.exe	27
PID 2036 wrote to memory of 940	2036	AWB 876509873456.exe	28
PID 2036 wrote to memory of 940	2036	AWB 876509873456.exe	28
PID 2036 wrote to memory of 940	2036	AWB 876509873456.exe	28
PID 2036 wrote to memory of 940	2036	AWB 876509873456.exe	28
PID 2036 wrote to memory of 1104	2036	AWB 876509873456.exe	29
PID 2036 wrote to memory of 1104	2036	AWB 876509873456.exe	29
PID 2036 wrote to memory of 1104	2036	AWB 876509873456.exe	29
PID 2036 wrote to memory of 1104	2036	AWB 876509873456.exe	29
PID 2036 wrote to memory of 956	2036	AWB 876509873456.exe	30
PID 2036 wrote to memory of 956	2036	AWB 876509873456.exe	30
PID 2036 wrote to memory of 956	2036	AWB 876509873456.exe	30
PID 2036 wrote to memory of 956	2036	AWB 876509873456.exe	30

C:\Users\Admin\AppData\Local\Temp\AWB 876509873456.exe
"C:\Users\Admin\AppData\Local\Temp\AWB 876509873456.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Users\Admin\AppData\Local\Temp\AWB 876509873456.exe
  "C:\Users\Admin\AppData\Local\Temp\AWB 876509873456.exe"
  2⤵
  PID:944
- C:\Users\Admin\AppData\Local\Temp\AWB 876509873456.exe
  "C:\Users\Admin\AppData\Local\Temp\AWB 876509873456.exe"
  2⤵
  PID:976
- C:\Users\Admin\AppData\Local\Temp\AWB 876509873456.exe
  "C:\Users\Admin\AppData\Local\Temp\AWB 876509873456.exe"
  2⤵
  PID:940
- C:\Users\Admin\AppData\Local\Temp\AWB 876509873456.exe
  "C:\Users\Admin\AppData\Local\Temp\AWB 876509873456.exe"
  2⤵
  PID:1104
- C:\Users\Admin\AppData\Local\Temp\AWB 876509873456.exe
  "C:\Users\Admin\AppData\Local\Temp\AWB 876509873456.exe"
  2⤵
  PID:956

memory/2036-54-0x00000000001B0000-0x0000000000288000-memory.dmp

Filesize
864KB

Download
memory/2036-55-0x0000000076151000-0x0000000076153000-memory.dmp

Filesize
8KB

Download
memory/2036-56-0x0000000000390000-0x00000000003AC000-memory.dmp

Filesize
112KB

Download
memory/2036-57-0x00000000003B0000-0x00000000003BC000-memory.dmp

Filesize
48KB

Download
memory/2036-58-0x0000000005F40000-0x0000000005FBA000-memory.dmp

Filesize
488KB

Download
memory/2036-59-0x00000000006F0000-0x0000000000712000-memory.dmp

Filesize
136KB

Download