939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8

Analysis

max time kernel
60s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
Size

997KB
MD5

cc1439d43a95d8834e593a20b082ef24
SHA1

5cd14499b0b902bad969d39ab28b1e9efe0d9354
SHA256

939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8
SHA512

a7c4a8ef7bf9b52cb8db3b3557a2e72e20b1fedc95d69895a6872979062dd90639771be6da3758f49b0d528a87fc3bddbe8db1940725231926ac8a34edc662d0
SSDEEP

24576:FbcOE7O5ueXGqJghIL2AYS3ymFYe9eQxX4P:hcs5tbL4beLG

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe

description	pid	process	target process
PID 824 set thread context of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe

description pid process

Token: SeDebugPrivilege 824 939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe

description	pid	process
Token: SeDebugPrivilege	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe

C:\Users\Admin\AppData\Local\Temp\939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
"C:\Users\Admin\AppData\Local\Temp\939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:824

C:\Users\Admin\AppData\Local\Temp\939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
C:\Users\Admin\AppData\Local\Temp\939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
2⤵
PID:1000

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/824-54-0x0000000075E11000-0x0000000075E13000-memory.dmp

Filesize
8KB

Download
memory/824-55-0x0000000073EF0000-0x000000007449B000-memory.dmp

Filesize
5.7MB

Download
memory/824-58-0x0000000073EF0000-0x000000007449B000-memory.dmp

Filesize
5.7MB

Download
memory/1000-57-0x000000000048F888-mapping.dmp

Download

description	pid	process	target process
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
PID 824 wrote to memory of 1000	824	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe	939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe