Analysis
max time kernel: 152s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 27-11-2022 12:56
Behavioral task: behavioral1
Sample: 103fb59fd4123c61cba74ce0a1bd9488f2b99bcc2eb3dbec82241753b0496701.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 103fb59fd4123c61cba74ce0a1bd9488f2b99bcc2eb3dbec82241753b0496701.exe
Resource: win10v2004-20220812-en
General
Target: 103fb59fd4123c61cba74ce0a1bd9488f2b99bcc2eb3dbec82241753b0496701.exe
Size: 3.7MB
MD5: ed0ee4fc304cd842c9f6195a9c7116e4
SHA1: dddd35673a71deb7d2f379605b80ef02a94301cf
SHA256: 103fb59fd4123c61cba74ce0a1bd9488f2b99bcc2eb3dbec82241753b0496701
SHA512: f390c6d6784e22bebbe585326af7dbe1bc3a5ce852c9a84fc3284bbfefde6f4fe199b1bd07792c3b3436822b333687ae9a675c6ce80d475dfab0b24b2e0b1a28
SSDEEP: 98304:6P/kTUx5T1TaGjY/V9m5qoU8xbWvsvujvrZBlZ:6P/k4x5Z7m9iqoU8xblujvVZ
Malware Config
Signatures
yara_rule match: vmprotect
  behavioral1/memory/1640-55-0x00000000003B0000-0x0000000000CD5000-memory.dmp  vmprotect
  behavioral1/memory/1640-59-0x00000000003B0000-0x0000000000CD5000-memory.dmp  vmprotect
  behavioral1/memory/1640-60-0x00000000003B0000-0x0000000000CD5000-memory.dmp  vmprotect
  All three hits are on the same 0x3B0000-0xCD5000 region of pid 1640, captured at three points during the run: one VMProtect-packed image, not three separate payloads. A packer match describes how the binary is protected, not what it does; the behaviour recorded below is everything the report attributes to it.

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  pid 1640  103fb59fd4123c61cba74ce0a1bd9488f2b99bcc2eb3dbec82241753b0496701.exe
    Token: SeShutdownPrivilege  x1
    Token: SeDebugPrivilege     x63 (the remaining events; the report lists each one individually)
  SeDebugPrivilege lets the holder open handles to processes it does not own, including SYSTEM-owned ones; SeShutdownPrivilege is required to shut down or reboot the host. Repeatedly re-enabling SeDebugPrivilege is common in packer anti-debug/anti-dump routines and in injection code, but this report records no child process and no cross-process activity, so the privilege adjustments stand alone as evidence here.

Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 1640  103fb59fd4123c61cba74ce0a1bd9488f2b99bcc2eb3dbec82241753b0496701.exe  x3
  SetWindowsHookEx installs a Windows message hook (keyboard, mouse, window procedure, and so on); the report records the three calls but not the hook type, so keylogging cannot be concluded from this entry alone.
Processes
  C:\Users\Admin\AppData\Local\Temp\103fb59fd4123c61cba74ce0a1bd9488f2b99bcc2eb3dbec82241753b0496701.exe (pid 1640, root process; no child processes recorded)
    command line: "C:\Users\Admin\AppData\Local\Temp\103fb59fd4123c61cba74ce0a1bd9488f2b99bcc2eb3dbec82241753b0496701.exe"
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads (memory dumps)
  memory/1640-54-0x0000000075071000-0x0000000075073000-memory.dmp  8KB
  memory/1640-55-0x00000000003B0000-0x0000000000CD5000-memory.dmp  9.1MB
  memory/1640-59-0x00000000003B0000-0x0000000000CD5000-memory.dmp  9.1MB
  memory/1640-60-0x00000000003B0000-0x0000000000CD5000-memory.dmp  9.1MB
  Each dump name encodes the pid, a capture index and the virtual address range that was dumped. 0x3B0000-0xCD5000 is 0x925000 bytes (9,588,736, hence 9.1MB) and was captured three times (indices 55, 59, 60), flagged vmprotect each time; note that this in-memory image is far larger than the 3.7MB file on disk. The 8KB dump at 0x75071000 (index 54) carries no rule match.
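The report renders its signature IoCs as one run-on record stream and encodes the dumped address ranges in file names, which makes the 64 token events and the repeated 9.1MB region hard to read at a glance. The following is an added example, not part of the report or of the sandbox's own tooling: it parses the "Token: <privilege> <pid> <image>" stream, the yara_rule records and the "memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp" names into counts and region sizes. The record layouts and regular expressions are assumptions read off this page's text, not a documented format, and the sample records are a constructed, shortened copy of the ones above.

```python
"""Parse the flattened IoC records of a Triage-style sandbox report.

Added example; not part of the report. The record layouts (the run-on
"Token: <privilege> <pid> <image>" stream and the
"memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp" dump names) are
assumptions read off this report's text, not a documented format.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: a shortened copy of the report's record stream. The real
# report lists 64 token events for pid 1640; three SeDebugPrivilege events are
# reproduced here, one split across a line break exactly as the page renders it.
SAMPLE_EXE = "103fb59fd4123c61cba74ce0a1bd9488f2b99bcc2eb3dbec82241753b0496701.exe"
SAMPLE_TOKEN_RECORDS = (
    f"description pid process Token: SeShutdownPrivilege 1640 {SAMPLE_EXE} "
    f"Token: SeDebugPrivilege 1640 {SAMPLE_EXE} Token: SeDebugPrivilege 1640 \n"
    f"{SAMPLE_EXE} Token: SeDebugPrivilege 1640 {SAMPLE_EXE} -"
)
SAMPLE_YARA_RECORDS = (
    "resource yara_rule "
    "behavioral1/memory/1640-55-0x00000000003B0000-0x0000000000CD5000-memory.dmp vmprotect "
    "behavioral1/memory/1640-59-0x00000000003B0000-0x0000000000CD5000-memory.dmp vmprotect -"
)
SAMPLE_DUMPS = [
    "memory/1640-54-0x0000000075071000-0x0000000075073000-memory.dmp",
    "memory/1640-55-0x00000000003B0000-0x0000000000CD5000-memory.dmp",
    "memory/1640-59-0x00000000003B0000-0x0000000000CD5000-memory.dmp",
]

TOKEN_RE = re.compile(r"Token:\s+(Se\w+Privilege)\s+(\d+)\s+(\S+)")
YARA_RE = re.compile(r"((?:behavioral\d+/)?memory/\S+-memory\.dmp)\s+(\w+)")
DUMP_RE = re.compile(
    r"(?:behavioral\d+/)?memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp"
)


def count_token_events(text: str) -> Counter:
    """Count AdjustPrivilegeToken events per (pid, privilege) in the run-on stream."""
    return Counter((int(pid), priv) for priv, pid, _image in TOKEN_RE.findall(text))


def yara_matches(text: str) -> List[Tuple[str, str]]:
    """Return (dump name, rule tag) pairs from a yara_rule signature record."""
    return YARA_RE.findall(text)


def parse_dump_name(name: str) -> Dict[str, int]:
    """Decode pid, capture index and virtual address range from a dump file name."""
    m = DUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not a memory dump name: {name!r}")
    pid, index, start, end = m.groups()
    start_va, end_va = int(start, 16), int(end, 16)
    if end_va <= start_va:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {"pid": int(pid), "index": int(index), "start": start_va,
            "end": end_va, "size": end_va - start_va}


def human_size(n: int) -> str:
    """Mirror the report's size labels: whole KB below 1 MiB, else MB to one decimal."""
    if n < 1024 * 1024:
        return f"{n // 1024}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def group_regions(dumps: List[str]) -> Dict[Tuple[int, int, int], List[int]]:
    """Group dumps by (pid, start, end) so repeated captures of one region stand out."""
    regions: Dict[Tuple[int, int, int], List[int]] = {}
    for name in dumps:
        info = parse_dump_name(name)
        regions.setdefault((info["pid"], info["start"], info["end"]), []).append(info["index"])
    return regions


def summarize(token_text: str, yara_text: str, dumps: List[str]) -> Dict[str, object]:
    """Build the summary a triage note would carry instead of the raw record stream."""
    return {
        "tokens": count_token_events(token_text),
        "rules": sorted({rule for _, rule in yara_matches(yara_text)}),
        "regions": group_regions(dumps),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_TOKEN_RECORDS, SAMPLE_YARA_RECORDS, SAMPLE_DUMPS)
    for (pid, priv), n in sorted(result["tokens"].items()):
        print(f"pid {pid}: {priv} x{n}")
    print("yara tags:", ", ".join(result["rules"]))
    for (pid, start, end), idx in result["regions"].items():
        print(f"pid {pid} 0x{start:X}-0x{end:X} ({human_size(end - start)}) "
              f"captured {len(idx)}x at indices {idx}")
```

Run on the full record stream from the report, the token counter reproduces the 1 + 63 split behind the "64 IoCs" heading, and the region grouping collapses the three 9.1MB dumps into a single (pid, range) key, which is the fact that matters for triage: one packed image re-captured, not several payloads.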