99d28200203baac82a7253419526711f38d7ecb1a6098f243c8656adc72ef6d8

Analysis

max time kernel
51s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
31-10-2022 20:48

Target

tmp.exe
Size

934KB
MD5

9bd821ba65b89710d2d81c7a7b98ab5d
SHA1

cbdc6446729b60601f7c288bc063cd9cc216f925
SHA256

99d28200203baac82a7253419526711f38d7ecb1a6098f243c8656adc72ef6d8
SHA512

30ad861b9015a201cec5e6a88ce6cba3e03459f1c709ef50c89505de96e5760e7c1647dc8382751fffc3c9ed843b539114b52051e8d564c6fde7fad08436c5a4
SSDEEP

24576:xcCEmyVj6jI43L84UytM00todtTQxRjU/oe:xcCRI6jIepUy+ZtmdGR

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

tmp.exe

pid process

832 tmp.exe
832 tmp.exe
832 tmp.exe
832 tmp.exe
832 tmp.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

tmp.exe

description pid process

Token: SeDebugPrivilege 832 tmp.exe

description	pid	process
Token: SeDebugPrivilege	832	tmp.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 832 wrote to memory of 2040	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 2040	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 2040	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 2040	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 1052	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 1052	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 1052	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 1052	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 1740	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 1740	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 1740	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 1740	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 1988	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 1988	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 1988	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 1988	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 2008	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 2008	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 2008	832	tmp.exe	tmp.exe
PID 832 wrote to memory of 2008	832	tmp.exe	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
2⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
2⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
2⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
2⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
2⤵
PID:2008

memory/832-54-0x0000000000330000-0x0000000000420000-memory.dmp

Filesize
960KB

Download
memory/832-55-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/832-56-0x0000000005000000-0x00000000050E4000-memory.dmp

Filesize
912KB

Download
memory/832-57-0x0000000000A50000-0x0000000000A66000-memory.dmp

Filesize
88KB

Download
memory/832-58-0x0000000007E10000-0x0000000007EC0000-memory.dmp

Filesize
704KB

Download
memory/832-59-0x0000000005CD0000-0x0000000005D4A000-memory.dmp

Filesize
488KB

Download