d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 16:45

Target

d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe
Size

71KB
MD5

0a554676ea50a2c9ed1f45998f00c386
SHA1

1cdc0ed2c93040df08c64c002dc32034d82c746f
SHA256

d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459
SHA512

fd7b081ac8c4cc6830b75a4c9fdfe2445894e2a09daaabea38184323fa7890aa24293d106d24651e1a0105904c2bb920585ff2750dc3358d0a8c04ffb20b8f4e
SSDEEP

1536:dDHZHYqvKqJdYxXimwLZXZtn5KLZyTDGm/Xcg:ZBlYxPqZX5K0HGm/cg

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe

description	pid	process	target process
PID 1204 set thread context of 1240	1204	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe

Drops file in Program Files directory 4 IoCs

Processes:

d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Bifrost\server.exe	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe
File created	C:\Program Files (x86)\Bifrost\server.exe	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe
File opened for modification	C:\Program Files (x86)\Bifrost\klog.dat	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe
File opened for modification	C:\Program Files (x86)\Bifrost	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe

description	pid	process
Token: SeDebugPrivilege	1240	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe
Token: SeDebugPrivilege	1240	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe

pid process

1240 d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe

pid	process
1240	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe

description	pid	process	target process
PID 1204 wrote to memory of 1240	1204	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe
PID 1204 wrote to memory of 1240	1204	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe
PID 1204 wrote to memory of 1240	1204	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe
PID 1204 wrote to memory of 1240	1204	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe
PID 1204 wrote to memory of 1240	1204	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe
PID 1204 wrote to memory of 1240	1204	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe	d3a5eb35753888cbf3d6f12f2fbb938a7b53be9a47b1b9b4db15170692f18459.exe

memory/1240-57-0x0000000000407A4D-mapping.dmp

Download
memory/1240-59-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1240-56-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1240-54-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1240-60-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1240-61-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/1240-62-0x0000000000020000-0x0000000000032000-memory.dmp

Filesize
72KB

Download
memory/1240-63-0x0000000002710000-0x00000000027B0000-memory.dmp

Filesize
640KB

Download
memory/1240-64-0x0000000002710000-0x00000000027B0000-memory.dmp

Filesize
640KB

Download
memory/1240-65-0x0000000000260000-0x0000000000273000-memory.dmp

Filesize
76KB

Download
memory/1240-66-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1240-67-0x0000000000260000-0x0000000000263000-memory.dmp

Filesize
12KB

Download