4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 22:44

Target

4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe
Size

660KB
MD5

55865a014d08f914c4d1ac2b1d4b04b0
SHA1

9c7ea77c1076ecb10e490a2e2d0b3b509479717b
SHA256

4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16
SHA512

d42bdc219539e3c75d84e2be7f0b974df16d811a40e42fae785c98fa2c1e6d3ac396b5f1c4e05201e8afeb2eef97e95228e1f6fec7847ebc1da1da90429d5194
SSDEEP

12288:x7YpAXGsSal6B/S0XHSsZwNPUxVK44L6sT3Elu7HOwDLd6zcd5EgpeV:xsAWj4NdV

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 816 set thread context of 916	816	4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe	27

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	816	4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 916	816	4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe	27
PID 816 wrote to memory of 916	816	4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe	27
PID 816 wrote to memory of 916	816	4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe	27
PID 816 wrote to memory of 916	816	4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe	27
PID 816 wrote to memory of 916	816	4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe	27
PID 816 wrote to memory of 916	816	4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe	27
PID 816 wrote to memory of 916	816	4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe	27
PID 816 wrote to memory of 916	816	4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe	27
PID 816 wrote to memory of 916	816	4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe	27

C:\Users\Admin\AppData\Local\Temp\4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe
"C:\Users\Admin\AppData\Local\Temp\4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:816
- C:\Users\Admin\AppData\Local\Temp\4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe
  C:\Users\Admin\AppData\Local\Temp\4775c79b556c4e60e9685e575c82800620b074192e27e35825aaffd46c60aa16.exe
  2⤵
  PID:916

memory/816-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download
memory/816-55-0x00000000740B0000-0x000000007465B000-memory.dmp

Filesize
5.7MB

Download
memory/816-58-0x0000000001D65000-0x0000000001D76000-memory.dmp

Filesize
68KB

Download
memory/816-60-0x0000000001D65000-0x0000000001D76000-memory.dmp

Filesize
68KB

Download
memory/816-59-0x00000000740B0000-0x000000007465B000-memory.dmp

Filesize
5.7MB

Download