d7f52588d2f9c418c5fa3a9f69dc55dfcb4c36be56673cb4d7d4807fc8d99704

Analysis

max time kernel
191s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:45

Target

00000000.exe
Size

718KB
MD5

7cf2ad62d3903e846f53f9cf6b6d6165
SHA1

59688005886c9f59c52087301a89c48d1749f457
SHA256

d7f52588d2f9c418c5fa3a9f69dc55dfcb4c36be56673cb4d7d4807fc8d99704
SHA512

a38942e28ff00e02c051c2a0bc9f62cd4630c9512e9b9609ded04d1e1de49bcf7c64483982d6f138b186e776044ea5fbd89d95380d9033728192f0fedff8c1c1
SSDEEP

12288:ORvRU68atsFb35ljSkv+IVYKZFL/jcrBWr1W+D78PPlY:oU68atsxTxrZx41WWQ7eNY

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

00000000.exe

pid process

1312 00000000.exe
1312 00000000.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

00000000.exe

description pid process

Token: SeDebugPrivilege 1312 00000000.exe

pid	process
1312	00000000.exe
1312	00000000.exe

description	pid	process
Token: SeDebugPrivilege	1312	00000000.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

00000000.exe

description	pid	process	target process
PID 1312 wrote to memory of 2608	1312	00000000.exe	AddInProcess32.exe
PID 1312 wrote to memory of 2608	1312	00000000.exe	AddInProcess32.exe
PID 1312 wrote to memory of 2608	1312	00000000.exe	AddInProcess32.exe
PID 1312 wrote to memory of 2608	1312	00000000.exe	AddInProcess32.exe
PID 1312 wrote to memory of 2608	1312	00000000.exe	AddInProcess32.exe
PID 1312 wrote to memory of 2608	1312	00000000.exe	AddInProcess32.exe
PID 1312 wrote to memory of 2608	1312	00000000.exe	AddInProcess32.exe
PID 1312 wrote to memory of 2608	1312	00000000.exe	AddInProcess32.exe
PID 1312 wrote to memory of 2608	1312	00000000.exe	AddInProcess32.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
2⤵
PID:2608

memory/1312-132-0x0000000000EA0000-0x0000000000F58000-memory.dmp

Filesize
736KB

Download
memory/1312-133-0x0000000005950000-0x0000000005EF4000-memory.dmp

Filesize
5.6MB

Download
memory/1312-134-0x0000000005480000-0x0000000005512000-memory.dmp

Filesize
584KB

Download
memory/1312-135-0x0000000005520000-0x00000000055BC000-memory.dmp

Filesize
624KB

Download
memory/1312-136-0x0000000005460000-0x000000000546A000-memory.dmp

Filesize
40KB

Download
memory/2608-137-0x0000000000000000-mapping.dmp

Download