707714c25c9050ce571a4decc3b6b10fbf8378ece2b29410397a5450da0e354e

Analysis

max time kernel
47s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 10:51

Target

tmpb1p5oqt2.exe
Size

966KB
MD5

274d242327c6e2ca0c6551c154e401cc
SHA1

70ca1199fe6294aa3eb076724999a4f5795ddf1f
SHA256

707714c25c9050ce571a4decc3b6b10fbf8378ece2b29410397a5450da0e354e
SHA512

0fbe2e8536ffe67b3ed20aa3970ab4f88ebe27a1393dae57773b3e58726b5688e9467d4cb0f700f38ec2d5c872da55c7eb7e19edd596e2b0b632ab6aeecf84f7
SSDEEP

12288:SYe7V72iNUsZ1DX/VDJARodOjhKn838sy3lcZCyYHOo/2XwNEPbpBv60i2Gxk11l:01uXqdOjhK81y37dOvwaVwY1nHJf

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

tmpb1p5oqt2.exe

pid process

1492 tmpb1p5oqt2.exe
1492 tmpb1p5oqt2.exe
1492 tmpb1p5oqt2.exe
1492 tmpb1p5oqt2.exe
1492 tmpb1p5oqt2.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

tmpb1p5oqt2.exe

description pid process

Token: SeDebugPrivilege 1492 tmpb1p5oqt2.exe

description	pid	process
Token: SeDebugPrivilege	1492	tmpb1p5oqt2.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

tmpb1p5oqt2.exe

description	pid	process	target process
PID 1492 wrote to memory of 584	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 584	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 584	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 584	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 592	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 592	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 592	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 592	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 672	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 672	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 672	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 672	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 1936	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 1936	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 1936	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 1936	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 868	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 868	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 868	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe
PID 1492 wrote to memory of 868	1492	tmpb1p5oqt2.exe	tmpb1p5oqt2.exe

C:\Users\Admin\AppData\Local\Temp\tmpb1p5oqt2.exe
"C:\Users\Admin\AppData\Local\Temp\tmpb1p5oqt2.exe"
2⤵
PID:584

C:\Users\Admin\AppData\Local\Temp\tmpb1p5oqt2.exe
"C:\Users\Admin\AppData\Local\Temp\tmpb1p5oqt2.exe"
2⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\tmpb1p5oqt2.exe
"C:\Users\Admin\AppData\Local\Temp\tmpb1p5oqt2.exe"
2⤵
PID:672

C:\Users\Admin\AppData\Local\Temp\tmpb1p5oqt2.exe
"C:\Users\Admin\AppData\Local\Temp\tmpb1p5oqt2.exe"
2⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\tmpb1p5oqt2.exe
"C:\Users\Admin\AppData\Local\Temp\tmpb1p5oqt2.exe"
2⤵
PID:868

memory/1492-54-0x0000000000320000-0x0000000000418000-memory.dmp

Filesize
992KB

Download
memory/1492-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/1492-56-0x0000000000290000-0x00000000002A8000-memory.dmp

Filesize
96KB

Download
memory/1492-57-0x0000000000270000-0x000000000027C000-memory.dmp

Filesize
48KB

Download
memory/1492-58-0x0000000007F00000-0x0000000007F98000-memory.dmp

Filesize
608KB

Download
memory/1492-59-0x0000000000970000-0x00000000009D0000-memory.dmp

Filesize
384KB

Download