2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe
Size

159KB
MD5

7c5285cf6b2cdbc1c6ac66236b1f0180
SHA1

bbee19df0ea9ef80fec4f85f6b8c50904f7c7d5f
SHA256

2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d
SHA512

e330c4fc030229e3dea7a6f9fe031da1ed86aa483edba28b7c75179e993c377bd89b9b2b79ecf59166a16292f19c521dece19817cf24f5d6d247df3cb7eff5ad
SSDEEP

3072:nZO06GYDQu9j/J4Oy1emLjNI3n3xZJyDSjQ0C7TOacVxNqnDonU:ZOIYDQsj/2Oy1xLjN+3/VQ0UWqnDon

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe

description	pid	process	target process
PID 1488 set thread context of 2044	1488	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe

description pid process

Token: SeDebugPrivilege 1488 2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe

description	pid	process
Token: SeDebugPrivilege	1488	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe

description	pid	process	target process
PID 1488 wrote to memory of 2044	1488	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe
PID 1488 wrote to memory of 2044	1488	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe
PID 1488 wrote to memory of 2044	1488	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe
PID 1488 wrote to memory of 2044	1488	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe
PID 1488 wrote to memory of 2044	1488	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe
PID 1488 wrote to memory of 2044	1488	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe
PID 1488 wrote to memory of 2044	1488	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe
PID 1488 wrote to memory of 2044	1488	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe
PID 1488 wrote to memory of 2044	1488	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe	2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe

C:\Users\Admin\AppData\Local\Temp\2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe
"C:\Users\Admin\AppData\Local\Temp\2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1488

C:\Users\Admin\AppData\Local\Temp\2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe
C:\Users\Admin\AppData\Local\Temp\2dc2465316e6a56ec64c1195dba1eec9de1b5c7795d77f14b849cec7c91a7c1d.exe
2⤵
PID:2044

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1488-54-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

Filesize
8KB

Download
memory/1488-55-0x0000000074E70000-0x000000007541B000-memory.dmp

Filesize
5.7MB

Download
memory/1488-58-0x0000000074E70000-0x000000007541B000-memory.dmp

Filesize
5.7MB

Download
memory/2044-57-0x0000000000412AEE-mapping.dmp

Download