dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7

Analysis

max time kernel
51s
max time network
58s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 08:51

Target

dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe
Size

129KB
MD5

a31f822068875eeae2d252c98bb40070
SHA1

0b74295acf4f778ce51e5cb1e0a8fccb93c5f8ad
SHA256

dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7
SHA512

8754c3732c4e5655796ecee8903cf01903d8d419f6b353490504c215f5faf659d8bfadb900657a3c23a319b5e5503634413e3f058869cd9399edfc07768b6111
SSDEEP

3072:mK3ieyq3IdtfCy5EQcpcUEjFxuI5h1p4QHpnH0gnFKAZ7:j3iTqktcCX1p4unlFbZ

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1396	auxynir.exe

Deletes itself 1 IoCs

pid	Process
1164	explorer.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1600 set thread context of 1164	1600	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe	28

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\auxynir.exe	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe
File opened for modification	C:\Windows\auxynir.exe	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1600	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe
1600	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe
1396	auxynir.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1600	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1396	1600	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe	27
PID 1600 wrote to memory of 1396	1600	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe	27
PID 1600 wrote to memory of 1396	1600	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe	27
PID 1600 wrote to memory of 1396	1600	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe	27
PID 1600 wrote to memory of 1164	1600	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe	28
PID 1600 wrote to memory of 1164	1600	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe	28
PID 1600 wrote to memory of 1164	1600	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe	28
PID 1600 wrote to memory of 1164	1600	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe	28
PID 1600 wrote to memory of 1164	1600	dcefde87b830533f6b1721f77d07c11917995509ffde188eb63bd0a064aedfe7.exe	28
PID 1396 wrote to memory of 1208	1396	auxynir.exe	16

C:\Windows\auxynir.exe

Filesize
129KB

MD5
8ec586166f9beeb4f2310aa66e3c8142

SHA1
d9274d2ff5040fc4d1d76a7f6df7798185e28ced

SHA256
bee961002cc9abb81916a31e6a3a35c48d1207e30cccaed0e789b48be9f75e28

SHA512
093623ac2db497a7e043667ae752a356b5f486340ad0930f0cfa3d3590f38a71a8da3dfccd7b3c2ba4cb15f35c59daa5810d700788da4b1588d9cf9d88e0036e

Download Submit
memory/1164-60-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1164-62-0x0000000074551000-0x0000000074553000-memory.dmp

Filesize
8KB

Download
memory/1208-56-0x0000000002470000-0x000000000249B000-memory.dmp

Filesize
172KB

Download
memory/1396-61-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1600-59-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download