5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127

Analysis

max time kernel
21s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 10:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
Size

112KB
MD5

1f8128e55e3bbec1e916eeb2e2ba4760
SHA1

773b8dcdb0d543441c6a78523beaa82d79533622
SHA256

5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127
SHA512

ce45a455549a5a5dd6d2bf542c74e8b4ad32654dfc1d4252be39b514fce4af967ad137126964c4ea8a4583c997414d3bc46242fe5b92c08ab43598ac2405d55c
SSDEEP

3072:pXoNWRGB2yK97++mtJuzsR6bXSJY02ax18:pXJRGB27D4H4zbc1

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe

Suspicious behavior: MapViewOfSection 22 IoCs

pid	Process
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 368	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	5
PID 916 wrote to memory of 368	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	5
PID 916 wrote to memory of 368	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	5
PID 916 wrote to memory of 368	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	5
PID 916 wrote to memory of 368	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	5
PID 916 wrote to memory of 368	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	5
PID 916 wrote to memory of 368	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	5
PID 916 wrote to memory of 376	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	4
PID 916 wrote to memory of 376	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	4
PID 916 wrote to memory of 376	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	4
PID 916 wrote to memory of 376	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	4
PID 916 wrote to memory of 376	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	4
PID 916 wrote to memory of 376	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	4
PID 916 wrote to memory of 376	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	4
PID 916 wrote to memory of 416	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	3
PID 916 wrote to memory of 416	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	3
PID 916 wrote to memory of 416	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	3
PID 916 wrote to memory of 416	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	3
PID 916 wrote to memory of 416	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	3
PID 916 wrote to memory of 416	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	3
PID 916 wrote to memory of 416	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	3
PID 916 wrote to memory of 460	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	2
PID 916 wrote to memory of 460	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	2
PID 916 wrote to memory of 460	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	2
PID 916 wrote to memory of 460	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	2
PID 916 wrote to memory of 460	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	2
PID 916 wrote to memory of 460	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	2
PID 916 wrote to memory of 460	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	2
PID 916 wrote to memory of 476	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	1
PID 916 wrote to memory of 476	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	1
PID 916 wrote to memory of 476	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	1
PID 916 wrote to memory of 476	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	1
PID 916 wrote to memory of 476	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	1
PID 916 wrote to memory of 476	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	1
PID 916 wrote to memory of 476	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	1
PID 916 wrote to memory of 484	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	8
PID 916 wrote to memory of 484	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	8
PID 916 wrote to memory of 484	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	8
PID 916 wrote to memory of 484	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	8
PID 916 wrote to memory of 484	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	8
PID 916 wrote to memory of 484	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	8
PID 916 wrote to memory of 484	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	8
PID 916 wrote to memory of 600	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	26
PID 916 wrote to memory of 600	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	26
PID 916 wrote to memory of 600	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	26
PID 916 wrote to memory of 600	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	26
PID 916 wrote to memory of 600	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	26
PID 916 wrote to memory of 600	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	26
PID 916 wrote to memory of 600	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	26
PID 916 wrote to memory of 676	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	25
PID 916 wrote to memory of 676	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	25
PID 916 wrote to memory of 676	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	25
PID 916 wrote to memory of 676	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	25
PID 916 wrote to memory of 676	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	25
PID 916 wrote to memory of 676	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	25
PID 916 wrote to memory of 676	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	25
PID 916 wrote to memory of 756	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	24
PID 916 wrote to memory of 756	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	24
PID 916 wrote to memory of 756	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	24
PID 916 wrote to memory of 756	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	24
PID 916 wrote to memory of 756	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	24
PID 916 wrote to memory of 756	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	24
PID 916 wrote to memory of 756	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	24
PID 916 wrote to memory of 816	916	5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe	23

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:476

C:\Windows\system32\services.exe
C:\Windows\system32\services.exe
1⤵
PID:460
- C:\Windows\system32\sppsvc.exe
  C:\Windows\system32\sppsvc.exe
  2⤵
  PID:1680
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
  2⤵
  PID:1644
- C:\Windows\system32\taskhost.exe
  "taskhost.exe"
  2⤵
  PID:1224
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
  2⤵
  PID:1052
- C:\Windows\System32\spoolsv.exe
  C:\Windows\System32\spoolsv.exe
  2⤵
  PID:452
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k NetworkService
  2⤵
  PID:336
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k netsvcs
  2⤵
  PID:888
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalService
  2⤵
  PID:844
- C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
  2⤵
  PID:816
- C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  2⤵
  PID:756
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k RPCSS
  2⤵
  PID:676
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k DcomLaunch
  2⤵
  PID:600

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:416

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:376
- C:\Windows\system32\conhost.exe
  \??\C:\Windows\system32\conhost.exe "136453065417325176731557898367-304764448-9940833042125011644-553547808540570334"
  2⤵
  PID:1896

C:\Windows\system32\wininit.exe
wininit.exe
1⤵
PID:368
- C:\Windows\system32\lsm.exe
  C:\Windows\system32\lsm.exe
  2⤵
  PID:484

\\?\C:\Windows\system32\wbem\WMIADAP.EXE
wmiadap.exe /F /T /R
1⤵
PID:1136

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1396
- C:\Users\Admin\AppData\Local\Temp\5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe
  "C:\Users\Admin\AppData\Local\Temp\5d7f42abe15934b378ee283f1ac348a4118b7df48eca5a52769bb6e6b81ff127.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:916

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/916-54-0x0000000001000000-0x000000000101E000-memory.dmp

Filesize
120KB

Download