4beae1b37a94bffd62b86b3a7886f9a8cbc2e84a554310d471316a8e174e196c

Analysis

max time kernel
141s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2022, 23:57

Target

4beae1b37a94bffd62b86b3a7886f9a8cbc2e84a554310d471316a8e174e196c.exe
Size

453KB
MD5

d34a86c8cde6dee9754b61d6e40db163
SHA1

982b5a814b14823d6235abc0b12343b498a30c9b
SHA256

4beae1b37a94bffd62b86b3a7886f9a8cbc2e84a554310d471316a8e174e196c
SHA512

f5aff75c21211cda06eab3b8014c9e0a8cc0feb23be92b88241300d5884bfda6b074c49de557230ea3fad96eb8e06b6c08b4ab31c834db573882ddfd3342bb8a
SSDEEP

12288:z/kviXzdteey0HHgXwr38Eh+Mb86O7rFTHKBX:ddtzjHYwX1bg7w

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
4896	djgmejcgdblwff.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4896	djgmejcgdblwff.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4896	djgmejcgdblwff.exe
4896	djgmejcgdblwff.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 4896	4868	4beae1b37a94bffd62b86b3a7886f9a8cbc2e84a554310d471316a8e174e196c.exe	81
PID 4868 wrote to memory of 4896	4868	4beae1b37a94bffd62b86b3a7886f9a8cbc2e84a554310d471316a8e174e196c.exe	81

C:\Users\Admin\AppData\Local\Temp\4beae1b37a94bffd62b86b3a7886f9a8cbc2e84a554310d471316a8e174e196c.exe
"C:\Users\Admin\AppData\Local\Temp\4beae1b37a94bffd62b86b3a7886f9a8cbc2e84a554310d471316a8e174e196c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Users\Admin\AppData\Local\Temp\djgmejcgdblwff.exe
  "C:\Users\Admin\AppData\Local\Temp\\djgmejcgdblwff.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4896

C:\Users\Admin\AppData\Local\Temp\djgmejcgdblwff.exe

Filesize
11KB

MD5
702cafa129a698906160b1605c354729

SHA1
3166b8b4b9b3123473f449859953587b80649192

SHA256
c16d843b5abe3a481f938abc11d7c79dc99d522ce89ac4089ad2f49f934cd16a

SHA512
b66dcab23eeadc6466174b78fe2840ebc8f26baba5ed24a457dc0614b227315c16c1542ef8b3dd2917e786a6558f1e0f48f0ed2bb4af5a95c8f94127969d6656

Download Submit
C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
453KB

MD5
d34a86c8cde6dee9754b61d6e40db163

SHA1
982b5a814b14823d6235abc0b12343b498a30c9b

SHA256
4beae1b37a94bffd62b86b3a7886f9a8cbc2e84a554310d471316a8e174e196c

SHA512
f5aff75c21211cda06eab3b8014c9e0a8cc0feb23be92b88241300d5884bfda6b074c49de557230ea3fad96eb8e06b6c08b4ab31c834db573882ddfd3342bb8a

Download Submit
memory/4896-134-0x00007FFB84BE0000-0x00007FFB85616000-memory.dmp

Filesize
10.2MB

Download
memory/4896-136-0x000000000111A000-0x000000000111F000-memory.dmp

Filesize
20KB

Download
memory/4896-137-0x000000000111A000-0x000000000111F000-memory.dmp

Filesize
20KB

Download