af9696ddb65ef01b496f0a69e308f213b2a4effa07659f81edf6445d92c56577

Analysis

max time kernel
187s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2022, 09:34

Target

af9696ddb65ef01b496f0a69e308f213b2a4effa07659f81edf6445d92c56577.exe
Size

471KB
MD5

ad131cba995cc276bec99ab6a2414822
SHA1

d4280259a51995bde6c1efdcc35dd633b3d18fed
SHA256

af9696ddb65ef01b496f0a69e308f213b2a4effa07659f81edf6445d92c56577
SHA512

91cb1b499903f4153ab9c7e00f02ff6fe6c2ea07cf8a6d9c351b34e4bd8f0de254a790f256cb0839bb34ab9f01c869f450cafe81c87ab5798b661c010c21a4c8
SSDEEP

6144:M5fYH5EeQRFT7Zoi1jY0Ie++M0vLvsZ2tsR6lRStFaYcr/bK+gGfZBZoKQJrV51U:vQR17Zoi1LIeJMsvsrcl0tQRZydVnQ

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4860	wgapeuvubjtcez.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4860	wgapeuvubjtcez.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4860	wgapeuvubjtcez.exe
4860	wgapeuvubjtcez.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 4860	1544	af9696ddb65ef01b496f0a69e308f213b2a4effa07659f81edf6445d92c56577.exe	81
PID 1544 wrote to memory of 4860	1544	af9696ddb65ef01b496f0a69e308f213b2a4effa07659f81edf6445d92c56577.exe	81

C:\Users\Admin\AppData\Local\Temp\af9696ddb65ef01b496f0a69e308f213b2a4effa07659f81edf6445d92c56577.exe
"C:\Users\Admin\AppData\Local\Temp\af9696ddb65ef01b496f0a69e308f213b2a4effa07659f81edf6445d92c56577.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Users\Admin\AppData\Local\Temp\wgapeuvubjtcez.exe
  "C:\Users\Admin\AppData\Local\Temp\\wgapeuvubjtcez.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4860

C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
471KB

MD5
ad131cba995cc276bec99ab6a2414822

SHA1
d4280259a51995bde6c1efdcc35dd633b3d18fed

SHA256
af9696ddb65ef01b496f0a69e308f213b2a4effa07659f81edf6445d92c56577

SHA512
91cb1b499903f4153ab9c7e00f02ff6fe6c2ea07cf8a6d9c351b34e4bd8f0de254a790f256cb0839bb34ab9f01c869f450cafe81c87ab5798b661c010c21a4c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\wgapeuvubjtcez.exe

Filesize
19KB

MD5
41b6199415075e5e59f766b80f0de9d0

SHA1
8dee026bd21eb2835a31707300879e3d5c3fdaef

SHA256
9d97f6539209d1482e8510bc40a8bff668e7863adee6ebf51a46e6e912d585b5

SHA512
3f5c38cb855d7319b737f1cafb0b9b51fa93b12a91b8c35cd04e4a816dc2c5e8dc26dc50d0c653ddb037a75e6a560b2cbf618c74e013bf4ea6e90188bf3d4af2

Download Submit
C:\Users\Admin\AppData\Local\Temp\wgapeuvubjtcez.exe

Filesize
19KB

MD5
41b6199415075e5e59f766b80f0de9d0

SHA1
8dee026bd21eb2835a31707300879e3d5c3fdaef

SHA256
9d97f6539209d1482e8510bc40a8bff668e7863adee6ebf51a46e6e912d585b5

SHA512
3f5c38cb855d7319b737f1cafb0b9b51fa93b12a91b8c35cd04e4a816dc2c5e8dc26dc50d0c653ddb037a75e6a560b2cbf618c74e013bf4ea6e90188bf3d4af2

Download Submit
memory/4860-135-0x00007FFA431F0000-0x00007FFA43C26000-memory.dmp

Filesize
10.2MB

Download
memory/4860-137-0x0000000000F2A000-0x0000000000F2F000-memory.dmp

Filesize
20KB

Download
memory/4860-138-0x0000000000F2A000-0x0000000000F2F000-memory.dmp

Filesize
20KB

Download