b26ee274ac64887e8612e5476f74651b7465b90415a076ab7eb0a3cd7116e1c1

Analysis

max time kernel
139s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 23:31

Target

b26ee274ac64887e8612e5476f74651b7465b90415a076ab7eb0a3cd7116e1c1.exe
Size

470KB
MD5

05e1c5fd8532d30646176c31d763a470
SHA1

b1f1234c1ae765edac9d086685b7a7349092a598
SHA256

b26ee274ac64887e8612e5476f74651b7465b90415a076ab7eb0a3cd7116e1c1
SHA512

590a50cebf532082508a4740fa973edaed9b01d8ca50edfe34b7ec74eb069476b760012e1c6e385b48b974c4d0168ce1489a5ed59efab3aa40101feddce1ee26
SSDEEP

12288:dQduZgCDOfyZBnC+QRWNHsQGF0pcsMTXgQmz9eNLqjY:ZZgCD9C+EWNML2pcsM7YReojY

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
5024	zmkkghwlhsdjiuf.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5024	zmkkghwlhsdjiuf.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5024	zmkkghwlhsdjiuf.exe
5024	zmkkghwlhsdjiuf.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 5024	1336	b26ee274ac64887e8612e5476f74651b7465b90415a076ab7eb0a3cd7116e1c1.exe	81
PID 1336 wrote to memory of 5024	1336	b26ee274ac64887e8612e5476f74651b7465b90415a076ab7eb0a3cd7116e1c1.exe	81

C:\Users\Admin\AppData\Local\Temp\b26ee274ac64887e8612e5476f74651b7465b90415a076ab7eb0a3cd7116e1c1.exe
"C:\Users\Admin\AppData\Local\Temp\b26ee274ac64887e8612e5476f74651b7465b90415a076ab7eb0a3cd7116e1c1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Users\Admin\AppData\Local\Temp\zmkkghwlhsdjiuf.exe
  "C:\Users\Admin\AppData\Local\Temp\\zmkkghwlhsdjiuf.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5024

C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
470KB

MD5
05e1c5fd8532d30646176c31d763a470

SHA1
b1f1234c1ae765edac9d086685b7a7349092a598

SHA256
b26ee274ac64887e8612e5476f74651b7465b90415a076ab7eb0a3cd7116e1c1

SHA512
590a50cebf532082508a4740fa973edaed9b01d8ca50edfe34b7ec74eb069476b760012e1c6e385b48b974c4d0168ce1489a5ed59efab3aa40101feddce1ee26

Download Submit
C:\Users\Admin\AppData\Local\Temp\zmkkghwlhsdjiuf.exe

Filesize
18KB

MD5
080496d64c7b605530efb40a7bbf9259

SHA1
8e27dcdf5b271c295987c908dfb6ba4d4ab376c4

SHA256
acfc068fcfa5ec65bd8a3e235ada2c6ee86dca3d1d1f866a40c20ad5948a4f87

SHA512
ddc7c2c18e34f27517357584903323f36368736e4c50e342546666dbc369475691834de8ad4028104585199dbb531482ae72ebd9e7235fff46a7c9716bd11402

Download Submit
C:\Users\Admin\AppData\Local\Temp\zmkkghwlhsdjiuf.exe

Filesize
18KB

MD5
080496d64c7b605530efb40a7bbf9259

SHA1
8e27dcdf5b271c295987c908dfb6ba4d4ab376c4

SHA256
acfc068fcfa5ec65bd8a3e235ada2c6ee86dca3d1d1f866a40c20ad5948a4f87

SHA512
ddc7c2c18e34f27517357584903323f36368736e4c50e342546666dbc369475691834de8ad4028104585199dbb531482ae72ebd9e7235fff46a7c9716bd11402

Download Submit
memory/5024-138-0x00007FFCED520000-0x00007FFCEDF56000-memory.dmp

Filesize
10.2MB

Download
memory/5024-140-0x0000000000D2A000-0x0000000000D2F000-memory.dmp

Filesize
20KB

Download
memory/5024-141-0x0000000000D2A000-0x0000000000D2F000-memory.dmp

Filesize
20KB

Download