4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 03:38

Target

4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871.exe
Size

148KB
MD5

038f46069d0a4f29ab44b7c766a173f0
SHA1

b066930a925f89d6a5da9b1cee4c806ff3c3119c
SHA256

4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871
SHA512

78cb743db6f324485234b0a82fb00ae2fbd5aa7375d9777b9897e57a0df82b0be14bc5b4d1e8a9ab265249c6dde9dec247a4b5f1fc71e6010f6881eaa25e5ca5
SSDEEP

3072:iUu32GhNvBO9qCDtLoosE/WIgU1/B65wYEPv6ANSzlWA9hFDZqz:iU82GhNpC2J47Z1/UeNNSzz5q

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1492	4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 276	1492	4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871.exe	27
PID 1492 wrote to memory of 276	1492	4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871.exe	27
PID 1492 wrote to memory of 276	1492	4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871.exe	27
PID 1492 wrote to memory of 276	1492	4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871.exe	27

C:\Users\Admin\AppData\Local\Temp\4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871.exe
"C:\Users\Admin\AppData\Local\Temp\4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Users\Admin\AppData\Local\Temp\4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871.exe
  C:\Users\Admin\AppData\Local\Temp\4a17f958979cdae4b705021e3fae91288d26e9f7a39d935f210325cae0505871.exe
  2⤵
  PID:276

memory/1492-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/1492-55-0x0000000074F30000-0x00000000754DB000-memory.dmp

Filesize
5.7MB

Download
memory/1492-56-0x0000000074F30000-0x00000000754DB000-memory.dmp

Filesize
5.7MB

Download
memory/1492-57-0x0000000074F30000-0x00000000754DB000-memory.dmp

Filesize
5.7MB

Download