01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436

Analysis

max time kernel
217s
max time network
273s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 23:20

Target

01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe
Size

127KB
MD5

03688071218ea258eb75513972e27f7b
SHA1

a574767956e75f7c504a311f1c631519c1b30cc9
SHA256

01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436
SHA512

270e4313fd281b4d7b807e6ebe491c917c4182b2d6bb81850062117a2ca54547f787a9c5b8f52ab71cb0c224002e315a3530c50433613ae0abdf3f9c8a723b86
SSDEEP

3072:bXgjy4mXbzTn8vFCuYuU10Rktau24YI3WA4zVnJi2:DWOLzL8NY8c5TYOMPi

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1536	Swasya.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe
File opened for modification	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe
File created	C:\Windows\Swasya.exe	01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe
File opened for modification	C:\Windows\Swasya.exe	01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe
File created	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	Swasya.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	612	01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe
Token: SeBackupPrivilege	612	01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 612 wrote to memory of 1536	612	01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe	28
PID 612 wrote to memory of 1536	612	01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe	28
PID 612 wrote to memory of 1536	612	01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe	28
PID 612 wrote to memory of 1536	612	01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe	28
PID 612 wrote to memory of 1536	612	01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe	28
PID 612 wrote to memory of 1536	612	01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe	28
PID 612 wrote to memory of 1536	612	01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436.exe	28

C:\Windows\Swasya.exe

Filesize
127KB

MD5
03688071218ea258eb75513972e27f7b

SHA1
a574767956e75f7c504a311f1c631519c1b30cc9

SHA256
01ecbac71409ecb8c0b7b89f355221cc7ba1882a50dd775d8bce2b51ee279436

SHA512
270e4313fd281b4d7b807e6ebe491c917c4182b2d6bb81850062117a2ca54547f787a9c5b8f52ab71cb0c224002e315a3530c50433613ae0abdf3f9c8a723b86

Download Submit
C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

Filesize
408B

MD5
791b3df56528cf40a9fe9b2ed081233e

SHA1
ce96a29b35478b36925824655657b329c9c0fa1b

SHA256
fb56a72492b95f92bf8d0cdc0627145b1036715bb23d1df11b88c9b6f238dbd1

SHA512
d930d24ff43f93ce76ae7130909f6f40d3ea8d39f917c8ca0696a3d2d868cae2159772db6ebe9f8b0bb9016bb7fea0122fb4a3138c601e4a8fc20c8b319be347

Download Submit
memory/612-54-0x00000000767C1000-0x00000000767C3000-memory.dmp

Filesize
8KB

Download
memory/612-55-0x0000000000320000-0x0000000000347000-memory.dmp

Filesize
156KB

Download
memory/612-56-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/612-57-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/612-64-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1536-62-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1536-63-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download