7cbdf60e0e769f91ee7bd57128bca8522e93901f907c9cdd5433724ad2333552

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 08:15

Target

7cbdf60e0e769f91ee7bd57128bca8522e93901f907c9cdd5433724ad2333552.exe
Size

268KB
MD5

8829a8af4a9f1657fd6871e06a82866e
SHA1

8fe0e48d818c8ef2b8d1211eeb0145408aa257f7
SHA256

7cbdf60e0e769f91ee7bd57128bca8522e93901f907c9cdd5433724ad2333552
SHA512

08db0c712db092d718343bf9b668ed3b4481a8ae941f41229c5eecd81606287deb849951d79cb3997b1261a404f47f844f159aff86bb6723bb12c8bd08d49230
SSDEEP

3072:cMNsQNxJUJTp2E+qvFuIoF1PYUGQQEKGLY+q+XrNJd2/GP+ohCvirEqYVvoKznPe:yQOpkpNJS6j2oKznLL9baIodb/VRwa

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1948-55-0x0000000000400000-0x000000000046B000-memory.dmp	upx
behavioral1/memory/1948-57-0x0000000000400000-0x000000000046B000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1948	7cbdf60e0e769f91ee7bd57128bca8522e93901f907c9cdd5433724ad2333552.exe

C:\Users\Admin\AppData\Local\Temp\7cbdf60e0e769f91ee7bd57128bca8522e93901f907c9cdd5433724ad2333552.exe
"C:\Users\Admin\AppData\Local\Temp\7cbdf60e0e769f91ee7bd57128bca8522e93901f907c9cdd5433724ad2333552.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1948

memory/1948-54-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download
memory/1948-55-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/1948-56-0x0000000000330000-0x000000000039B000-memory.dmp

Filesize
428KB

Download
memory/1948-57-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/1948-58-0x0000000000330000-0x000000000033D000-memory.dmp

Filesize
52KB

Download