089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1

Analysis

max time kernel
107s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe
Size

2.3MB
MD5

686df444b5aba01a73b427ce6e1457ae
SHA1

0c8fbdfa9f81585f0a7752ad0175ddb317bb24d7
SHA256

089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1
SHA512

159e766a9f8a673f5964c9f27654c0833d2a9162bc53e070351e932206c3a962937b12835efa556e06de48e43924da2903ff83dca6514fe3df2fe0db121e9ec0
SSDEEP

24576:pwYZ4kGOYTnTDolUaNcTkkD9iSe87AAFmHs205LvLTV:uYpYTTDoXNcVoSe87FFmHB05Lv

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe

description	pid	process	target process
PID 700 set thread context of 324	700	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe

description pid process

Token: SeDebugPrivilege 700 089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe

description	pid	process
Token: SeDebugPrivilege	700	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe

description	pid	process	target process
PID 700 wrote to memory of 324	700	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe
PID 700 wrote to memory of 324	700	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe
PID 700 wrote to memory of 324	700	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe
PID 700 wrote to memory of 324	700	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe
PID 700 wrote to memory of 324	700	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe
PID 700 wrote to memory of 324	700	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe
PID 700 wrote to memory of 324	700	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe
PID 700 wrote to memory of 324	700	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe
PID 700 wrote to memory of 324	700	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe	089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe

C:\Users\Admin\AppData\Local\Temp\089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe
"C:\Users\Admin\AppData\Local\Temp\089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:700

C:\Users\Admin\AppData\Local\Temp\089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe
C:\Users\Admin\AppData\Local\Temp\089591f99c69e6171f1cdf225fbf69c7fd35eea67cf6a6e7c87651484378f5d1.exe
2⤵
PID:324

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/324-56-0x000000000040749E-mapping.dmp

Download
memory/700-54-0x00000000009C0000-0x0000000000C0A000-memory.dmp

Filesize
2.3MB

Download