5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90

Analysis

max time kernel
274s
max time network
282s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2022 17:49

Target

5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe
Size

1.7MB
MD5

30bfef26fc5534fa14f9b49dce1326e1
SHA1

77cacad9da906efcd52f04baaf915ffc7f752bf4
SHA256

5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90
SHA512

025e1576ae92c1873d3747b260ef8344201beceb621f661a0af98012f97df2edc1768ea188e209704be92b09f8c031a3ef9380e5850958d0b7808e3f9d9bffeb
SSDEEP

12288:0JFsMWlD6Vw8oL11cbGWwFlbKfKQ+8cG1MHf8Y99LZQW2:0TsMUDlp11zgOF63Y99lQW

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe

pid	process
224	5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe
224	5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe
224	5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe
224	5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe
224	5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe

description	pid	process
Token: SeDebugPrivilege	224	5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe
Token: 33	224	5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe
Token: SeIncBasePriorityPrivilege	224	5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe

description	pid	process	target process
PID 224 wrote to memory of 5000	224	5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe	cmd.exe
PID 224 wrote to memory of 5000	224	5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe	cmd.exe
PID 224 wrote to memory of 5000	224	5aaa85cd2b644c641ebd2e5f42d11229f46314a4cfea47268d9565ff99c72f90.exe	cmd.exe

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\FolderName\mata.bat
2⤵
PID:5000

memory/224-132-0x0000000075240000-0x00000000757F1000-memory.dmp

Filesize
5.7MB

Download
memory/224-133-0x0000000075240000-0x00000000757F1000-memory.dmp

Filesize
5.7MB

Download
memory/5000-134-0x0000000000000000-mapping.dmp

Download