504aba9ffc85b963c92b2725c54b2f16e8dca913b5dbe2b7d75786eee3692a38

Analysis

max time kernel
177s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 09:08

Target

©ɱ/040.exe
Size

135KB
MD5

4fe84fc378421449ce4796ae6662aa50
SHA1

7e5522d49418c237e1c06f6794875fa32a1fa3c7
SHA256

439f331f1193005bab42f18faed822b2b9345762a7a81ca501063d6e655ccae2
SHA512

4aa1337443548533e45e6d92d2b3d1e55bf263eb5c0854623a91602fca561a5303ff62d8905cff86ae02920f16ebef827e8fae0ab9e1c799acd0757482fa5895
SSDEEP

1536:4/yPJze2vZcTmW44YM6HsYYpQjXscm+ZNfycqNOMPCHSHuQH9ORVsvdj17dlK+Gq:4/YxeHTmucYgcdyxUIMPCcH9K6jHlKZE

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

040.exe

description pid process target process

PID 3596 set thread context of 2020 3596 040.exe 040.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

040.exe040.exe

pid process

3596 040.exe
3596 040.exe
2020 040.exe
2020 040.exe
2020 040.exe
2020 040.exe
2020 040.exe
2020 040.exe
2020 040.exe
2020 040.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

pid process

3020
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

040.exe

pid process

2020 040.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

description pid process

Token: SeShutdownPrivilege 3020
Token: SeCreatePagefilePrivilege 3020
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

040.exe

pid process

3596 040.exe
3596 040.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

pid process

3020

description	pid	process	target process
PID 3596 set thread context of 2020	3596	040.exe	040.exe

pid	process
3020

pid	process
2020	040.exe

description	pid	process
Token: SeShutdownPrivilege	3020
Token: SeCreatePagefilePrivilege	3020

pid	process
3596	040.exe
3596	040.exe

pid	process
3020

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

040.exe040.exe

description	pid	process	target process
PID 3596 wrote to memory of 2020	3596	040.exe	040.exe
PID 3596 wrote to memory of 2020	3596	040.exe	040.exe
PID 3596 wrote to memory of 2020	3596	040.exe	040.exe
PID 3596 wrote to memory of 2020	3596	040.exe	040.exe
PID 3596 wrote to memory of 2020	3596	040.exe	040.exe
PID 3596 wrote to memory of 2020	3596	040.exe	040.exe
PID 3596 wrote to memory of 2020	3596	040.exe	040.exe
PID 3596 wrote to memory of 2020	3596	040.exe	040.exe
PID 3596 wrote to memory of 2020	3596	040.exe	040.exe
PID 3596 wrote to memory of 2020	3596	040.exe	040.exe
PID 2020 wrote to memory of 3320	2020	040.exe	cmd.exe
PID 2020 wrote to memory of 3320	2020	040.exe	cmd.exe

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp9aaa7329.bat"
3⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\tmp9aaa7329.bat
Filesize
199B

MD5
ed3ceb95325ee477c0bbb4743d4bcec7

SHA1
3e0765ccc2d4c2c47a842cf781a90a91ffcae0ee

SHA256
6b5b261cc69d3211438c9a4f9c2d9bd595a7a00798e0839c424d700aee8c29b5

SHA512
0109c6cb1383722953511721a36a07bfa1b4d16588a88a36a3d9c4fbb8c6696fb1d9c32ae689bbbcf5cb4199ed98a457fd0b76f4b67b7b1f896effc33b0d3e0e

Download Submit
memory/2020-132-0x0000000000000000-mapping.dmp

Download
memory/2020-133-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/2020-136-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2020-137-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/2020-138-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/2020-140-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3020-141-0x0000000000ED0000-0x0000000000EDD000-memory.dmp

Filesize
52KB

Download
memory/3320-139-0x0000000000000000-mapping.dmp

Download
memory/3596-135-0x0000000002450000-0x0000000002454000-memory.dmp

Filesize
16KB

Download