f00e36f455dc30ab6dba68920646620800f1e88af0f598bc6de1a49085a01655

Analysis

max time kernel
169s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 06:57

Target

f00e36f455dc30ab6dba68920646620800f1e88af0f598bc6de1a49085a01655.exe
Size

164KB
MD5

095a91cd81d393c2120f02a01bbc3e56
SHA1

4fbcfac117a9416217b77eb7a235dfd543539ad8
SHA256

f00e36f455dc30ab6dba68920646620800f1e88af0f598bc6de1a49085a01655
SHA512

1a75d6e796fe6e1bf14bf9929bf377f149f9277a78fa5dce6889c185fc3f59cac7273954b608630275532b51badfb5c93913f0c36a91b4714211fece0f44777e
SSDEEP

3072:YDdTI3CagDoa86z1J1cG6xHg67bOtyyaQgmkyEoRkxGtmwrKc3jAqTV:YDGyaaoaFJjcGigSbOtyybxkynRrJkqB

Score

1^/10

Suspicious behavior: EnumeratesProcesses 6 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2132	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of WriteProcessMemory 1 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 2132	3544	f00e36f455dc30ab6dba68920646620800f1e88af0f598bc6de1a49085a01655.exe	75

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2132
- C:\Users\Admin\AppData\Local\Temp\f00e36f455dc30ab6dba68920646620800f1e88af0f598bc6de1a49085a01655.exe
  "C:\Users\Admin\AppData\Local\Temp\f00e36f455dc30ab6dba68920646620800f1e88af0f598bc6de1a49085a01655.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3544