1907e06adba3380af0018eb462a279767bd10663700e077c23df0194ad8141d3

Analysis

max time kernel
146s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 21:54

Target

1907e06adba3380af0018eb462a279767bd10663700e077c23df0194ad8141d3.exe
Size

454KB
MD5

ea14b59342ab1e8bcb89314b33333eac
SHA1

ada887e8ea0be05f3a40d6d7c6cab6082c834d18
SHA256

1907e06adba3380af0018eb462a279767bd10663700e077c23df0194ad8141d3
SHA512

8dbae9a09322c6b67ebc3efd1add2b720c82a4d838c4d9cee334a1c8153bf3e2c4e1d3d219fe9ce4f56ea02374f55d047f6bafaae1bd692c0adbbede432ca137
SSDEEP

6144:vvaqS4IR/kviXzd4N6qJFldlibYOlU/glqmOgDVL5ul94BhunZQpLzms7VFP3UYa:y/kviXzdyGYr/eDVL5ul2unZatZU

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1540	qfjesjluewfgfyu.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1540	qfjesjluewfgfyu.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1540	qfjesjluewfgfyu.exe
1540	qfjesjluewfgfyu.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1540	2320	1907e06adba3380af0018eb462a279767bd10663700e077c23df0194ad8141d3.exe	80
PID 2320 wrote to memory of 1540	2320	1907e06adba3380af0018eb462a279767bd10663700e077c23df0194ad8141d3.exe	80

C:\Users\Admin\AppData\Local\Temp\1907e06adba3380af0018eb462a279767bd10663700e077c23df0194ad8141d3.exe
"C:\Users\Admin\AppData\Local\Temp\1907e06adba3380af0018eb462a279767bd10663700e077c23df0194ad8141d3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\qfjesjluewfgfyu.exe
  "C:\Users\Admin\AppData\Local\Temp\\qfjesjluewfgfyu.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1540

C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
454KB

MD5
ea14b59342ab1e8bcb89314b33333eac

SHA1
ada887e8ea0be05f3a40d6d7c6cab6082c834d18

SHA256
1907e06adba3380af0018eb462a279767bd10663700e077c23df0194ad8141d3

SHA512
8dbae9a09322c6b67ebc3efd1add2b720c82a4d838c4d9cee334a1c8153bf3e2c4e1d3d219fe9ce4f56ea02374f55d047f6bafaae1bd692c0adbbede432ca137

Download Submit
C:\Users\Admin\AppData\Local\Temp\qfjesjluewfgfyu.exe

Filesize
11KB

MD5
9a7e17351f0e74570b387600922e59e0

SHA1
017bf40ae2cb8321ee9825e3b93339fd41a148da

SHA256
44b9e76377582e04cc2fdc0c6b922634bcda5f9304419ddeac2833610249cc6c

SHA512
bb0bef29d7b60307bf77a81a358d55a7483b1fa81ed3e9453898b1d7629bd1ecab7ec92c505d6522f887549b4604edcdc8a5547b21f66b5c46b84169522f3ba3

Download Submit
memory/1540-134-0x00007FFD0E900000-0x00007FFD0F336000-memory.dmp

Filesize
10.2MB

Download
memory/1540-136-0x0000000000B7A000-0x0000000000B7F000-memory.dmp

Filesize
20KB

Download
memory/1540-137-0x0000000000B7A000-0x0000000000B7F000-memory.dmp

Filesize
20KB

Download