46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4

Analysis

max time kernel
384s
max time network
474s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 16:34

Target

46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4.exe
Size

6KB
MD5

cca0a2bfb06bd6f34084d7b3252210c8
SHA1

a5c1616a568659d0e0fbf78f55538bae818c7867
SHA256

46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4
SHA512

eb80b39a28edd834b3f9a62c62106a1e7e130f45cd25c844c9dc345fcd67358a6ff95b08e7b2c03bd6bb62a7193f62a43a29d35ea52438ed7dcf424071a94a04
SSDEEP

96:u9+15vXfuPvmUPg8OCJ1tolwHZDAkiIQsfOLMAdPEcVfknTNbUrV1aTap:GGP2rg8W2ZDr4MuEc1gap

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

taskmgr.exe

pid process

4532 taskmgr.exe

pid	process
4532	taskmgr.exe

Drops file in Program Files directory 3 IoCs

Processes:

46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4.exetaskmgr.exe

description	ioc	process
File created	C:\Program Files\Windows NT\Accessories\taskmgr.exe	46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4.exe
File opened for modification	C:\Program Files\Windows NT\Accessories\taskmgr.exe	46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4.exe
File opened for modification	C:\Program Files\Windows NT\Accessories\mswrd4.wpc	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

taskmgr.exe46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4.exe

description	pid	process
Token: SeIncBasePriorityPrivilege	4532	taskmgr.exe
Token: SeDebugPrivilege	4532	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1984	46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4.exe

description	pid	process	target process
PID 1984 wrote to memory of 4532	1984	46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4.exe	taskmgr.exe
PID 1984 wrote to memory of 4532	1984	46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4.exe	taskmgr.exe
PID 1984 wrote to memory of 4532	1984	46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4.exe	taskmgr.exe
PID 1984 wrote to memory of 816	1984	46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4.exe	cmd.exe
PID 1984 wrote to memory of 816	1984	46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4.exe	cmd.exe
PID 1984 wrote to memory of 816	1984	46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4.exe	cmd.exe

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\46034E~1.EXE > nul
2⤵
PID:816

C:\Program Files\Windows NT\Accessories\taskmgr.exe
Filesize
6KB

MD5
cca0a2bfb06bd6f34084d7b3252210c8

SHA1
a5c1616a568659d0e0fbf78f55538bae818c7867

SHA256
46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4

SHA512
eb80b39a28edd834b3f9a62c62106a1e7e130f45cd25c844c9dc345fcd67358a6ff95b08e7b2c03bd6bb62a7193f62a43a29d35ea52438ed7dcf424071a94a04

Download Submit
C:\Program Files\Windows NT\Accessories\taskmgr.exe
Filesize
6KB

MD5
cca0a2bfb06bd6f34084d7b3252210c8

SHA1
a5c1616a568659d0e0fbf78f55538bae818c7867

SHA256
46034e7cd85d8ce2c9e0d15d6719287b0bf021c491217fff3637da76347529a4

SHA512
eb80b39a28edd834b3f9a62c62106a1e7e130f45cd25c844c9dc345fcd67358a6ff95b08e7b2c03bd6bb62a7193f62a43a29d35ea52438ed7dcf424071a94a04

Download Submit
memory/816-135-0x0000000000000000-mapping.dmp

Download
memory/4532-132-0x0000000000000000-mapping.dmp

Download