21cffedbdc25663bd30bda5b68635578c655bd8b2410205f65af7c0d1b8417fb

Analysis

max time kernel
207s
max time network
237s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 15:17

Target

21cffedbdc25663bd30bda5b68635578c655bd8b2410205f65af7c0d1b8417fb.exe
Size

471KB
MD5

c7de52cc7bf560f50fcf6934c7ea7f3f
SHA1

43c191e2a21f7ed21de66114fcd97e84e2daaae8
SHA256

21cffedbdc25663bd30bda5b68635578c655bd8b2410205f65af7c0d1b8417fb
SHA512

d2bf76850335d7fa28c33a58037d3b618f0bf8e386acbf237872d957cb78bd9b54bde024f90befa0b0686569573623fb646166bdfc585086f0b499789f5721ef
SSDEEP

6144:E5fYH5EeQRFT7Zoi1jY0Ie++M0vLvsZ2tsR6lRStFaYcr/bK+gGfZBZoKQJrV51U:nQR17Zoi1LIeJMsvsrcl0tQRZydVng

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4576	wgapeuvubjtcez.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4576	wgapeuvubjtcez.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4576	wgapeuvubjtcez.exe
4576	wgapeuvubjtcez.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 4576	4548	21cffedbdc25663bd30bda5b68635578c655bd8b2410205f65af7c0d1b8417fb.exe	84
PID 4548 wrote to memory of 4576	4548	21cffedbdc25663bd30bda5b68635578c655bd8b2410205f65af7c0d1b8417fb.exe	84

C:\Users\Admin\AppData\Local\Temp\21cffedbdc25663bd30bda5b68635578c655bd8b2410205f65af7c0d1b8417fb.exe
"C:\Users\Admin\AppData\Local\Temp\21cffedbdc25663bd30bda5b68635578c655bd8b2410205f65af7c0d1b8417fb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Users\Admin\AppData\Local\Temp\wgapeuvubjtcez.exe
  "C:\Users\Admin\AppData\Local\Temp\\wgapeuvubjtcez.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4576

C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
471KB

MD5
c7de52cc7bf560f50fcf6934c7ea7f3f

SHA1
43c191e2a21f7ed21de66114fcd97e84e2daaae8

SHA256
21cffedbdc25663bd30bda5b68635578c655bd8b2410205f65af7c0d1b8417fb

SHA512
d2bf76850335d7fa28c33a58037d3b618f0bf8e386acbf237872d957cb78bd9b54bde024f90befa0b0686569573623fb646166bdfc585086f0b499789f5721ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\wgapeuvubjtcez.exe

Filesize
19KB

MD5
41b6199415075e5e59f766b80f0de9d0

SHA1
8dee026bd21eb2835a31707300879e3d5c3fdaef

SHA256
9d97f6539209d1482e8510bc40a8bff668e7863adee6ebf51a46e6e912d585b5

SHA512
3f5c38cb855d7319b737f1cafb0b9b51fa93b12a91b8c35cd04e4a816dc2c5e8dc26dc50d0c653ddb037a75e6a560b2cbf618c74e013bf4ea6e90188bf3d4af2

Download Submit
C:\Users\Admin\AppData\Local\Temp\wgapeuvubjtcez.exe

Filesize
19KB

MD5
41b6199415075e5e59f766b80f0de9d0

SHA1
8dee026bd21eb2835a31707300879e3d5c3fdaef

SHA256
9d97f6539209d1482e8510bc40a8bff668e7863adee6ebf51a46e6e912d585b5

SHA512
3f5c38cb855d7319b737f1cafb0b9b51fa93b12a91b8c35cd04e4a816dc2c5e8dc26dc50d0c653ddb037a75e6a560b2cbf618c74e013bf4ea6e90188bf3d4af2

Download Submit
memory/4576-135-0x000000001C980000-0x000000001D3B6000-memory.dmp

Filesize
10.2MB

Download
memory/4576-137-0x000000000174A000-0x000000000174F000-memory.dmp

Filesize
20KB

Download
memory/4576-138-0x000000000174A000-0x000000000174F000-memory.dmp

Filesize
20KB

Download