6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
17/10/2022, 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
Size

8.0MB
MD5

734bcc186e1d9a484b6a6cd3f1a08b01
SHA1

3eeae6a7870b644e567bfac5c827c3694d2abff2
SHA256

6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d
SHA512

a02459e06de6ac8d2ba8541b01fe17a99a3db6b199ff76451c1ad1f170451c671a6d759a8cd8f5aaf641a80f9882dd4cdd0b400c300ab4e05e342e574e4755a8
SSDEEP

24576:57uniecibM1WscDkDyW2YYX8lMC+h0D2Q2njA9wiGaasAJC3tEUtGI/an8KhRW6k:qICfyI1yUgklHMVbFcueMogz1SzEFju

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 276	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	28
PID 1088 wrote to memory of 276	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	28
PID 1088 wrote to memory of 276	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	28
PID 1088 wrote to memory of 1108	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	29
PID 1088 wrote to memory of 1108	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	29
PID 1088 wrote to memory of 1108	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	29
PID 1088 wrote to memory of 1112	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	30
PID 1088 wrote to memory of 1112	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	30
PID 1088 wrote to memory of 1112	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	30
PID 1088 wrote to memory of 1320	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	31
PID 1088 wrote to memory of 1320	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	31
PID 1088 wrote to memory of 1320	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	31
PID 1088 wrote to memory of 2016	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	32
PID 1088 wrote to memory of 2016	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	32
PID 1088 wrote to memory of 2016	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	32
PID 1088 wrote to memory of 2020	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	33
PID 1088 wrote to memory of 2020	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	33
PID 1088 wrote to memory of 2020	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	33
PID 1088 wrote to memory of 2036	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	34
PID 1088 wrote to memory of 2036	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	34
PID 1088 wrote to memory of 2036	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	34
PID 1088 wrote to memory of 2040	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	35
PID 1088 wrote to memory of 2040	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	35
PID 1088 wrote to memory of 2040	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	35
PID 1088 wrote to memory of 1740	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	36
PID 1088 wrote to memory of 1740	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	36
PID 1088 wrote to memory of 1740	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	36
PID 1088 wrote to memory of 2024	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	37
PID 1088 wrote to memory of 2024	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	37
PID 1088 wrote to memory of 2024	1088	6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe	37

C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
"C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  2⤵
  PID:276
- C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  2⤵
  PID:1108
- C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  2⤵
  PID:1112
- C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  2⤵
  PID:1320
- C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  2⤵
  PID:2016
- C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  2⤵
  PID:2020
- C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  2⤵
  PID:2036
- C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  2⤵
  PID:2040
- C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  2⤵
  PID:1740
- C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  C:\Users\Admin\AppData\Local\Temp\6204442688609c7641b6ac67f4b99c3288c52c643842be79ee081cfdbcb8c65d.exe
  2⤵
  PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1088-54-0x0000000000AA0000-0x0000000001296000-memory.dmp

Filesize
8.0MB

Download
memory/1088-55-0x000000001C620000-0x000000001CA08000-memory.dmp

Filesize
3.9MB

Download
memory/1088-56-0x00000000029C0000-0x0000000002A52000-memory.dmp

Filesize
584KB

Download