caab95648835b1de7efd81fbdcebf164d5f4ea24c478c5f398d77c74a94d67a3

Analysis

max time kernel
36s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28/10/2022, 18:02

Target

caab95648835b1de7efd81fbdcebf164d5f4ea24c478c5f398d77c74a94d67a3.exe
Size

664KB
MD5

0f3ff690207650223761843cf23b2436
SHA1

b67a502abe4e73fc1475b070bc7bb9644484d1f9
SHA256

caab95648835b1de7efd81fbdcebf164d5f4ea24c478c5f398d77c74a94d67a3
SHA512

ec8d4d5a6e34113b3e43c380ac862a61eb69cb96eef4634eda9bce3e020921b6977418b62afdf61d86302e5a16cb23cf16be3cc1fa31ffdc8a3dd2a1943b0447
SSDEEP

12288:tObOnNXQ5dUMCludMdatecrACcCSQvfED7Qp3XgTfimHW6jSa1vkz:MinNX0KLaAvC9fEAaXHWaSa1vu

Score

1^/10

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeBackupPrivilege	1108	caab95648835b1de7efd81fbdcebf164d5f4ea24c478c5f398d77c74a94d67a3.exe
Token: SeSecurityPrivilege	1108	caab95648835b1de7efd81fbdcebf164d5f4ea24c478c5f398d77c74a94d67a3.exe
Token: SeSecurityPrivilege	1108	caab95648835b1de7efd81fbdcebf164d5f4ea24c478c5f398d77c74a94d67a3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 1292	1108	caab95648835b1de7efd81fbdcebf164d5f4ea24c478c5f398d77c74a94d67a3.exe	27
PID 1108 wrote to memory of 1292	1108	caab95648835b1de7efd81fbdcebf164d5f4ea24c478c5f398d77c74a94d67a3.exe	27
PID 1108 wrote to memory of 1292	1108	caab95648835b1de7efd81fbdcebf164d5f4ea24c478c5f398d77c74a94d67a3.exe	27
PID 1108 wrote to memory of 1292	1108	caab95648835b1de7efd81fbdcebf164d5f4ea24c478c5f398d77c74a94d67a3.exe	27

C:\Users\Admin\AppData\Local\Temp\caab95648835b1de7efd81fbdcebf164d5f4ea24c478c5f398d77c74a94d67a3.exe
"C:\Users\Admin\AppData\Local\Temp\caab95648835b1de7efd81fbdcebf164d5f4ea24c478c5f398d77c74a94d67a3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 576
  2⤵
  PID:1292

memory/1108-54-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download
memory/1108-55-0x0000000074950000-0x0000000074EFB000-memory.dmp

Filesize
5.7MB

Download
memory/1108-58-0x0000000074950000-0x0000000074EFB000-memory.dmp

Filesize
5.7MB

Download