84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf

Analysis

max time kernel
139s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
Size

351KB
MD5

394ce7e3531de3dfef44cde776b8f181
SHA1

5332fa53cf5108ec64642d6440a56605f2bbc6c7
SHA256

84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf
SHA512

76b545c9b6caa8bc015f7af6664f78634c7c13937adcd1e5bdef9c281b068adcfe78cef752483a2979ecb817c282f2303023f9c92f2c7d83e72a93e846ee29be
SSDEEP

6144:Z5fCXgByDScqhUt1o8SEnejvD+V+/0O1qBuO2QycQquk99xyHxX:HCwBO1t1o8SEejNMEqN2xquk99Ux

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 5104 set thread context of 868	5104	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	80
PID 868 set thread context of 816	868	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	81
PID 816 set thread context of 4120	816	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	83
PID 4120 set thread context of 4920	4120	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	86

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	5104	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
Token: SeDebugPrivilege	868	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
Token: SeDebugPrivilege	816	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
Token: SeDebugPrivilege	4120	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
Token: SeDebugPrivilege	4920	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 4832	5104	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	79
PID 5104 wrote to memory of 4832	5104	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	79
PID 5104 wrote to memory of 868	5104	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	80
PID 5104 wrote to memory of 868	5104	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	80
PID 5104 wrote to memory of 868	5104	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	80
PID 5104 wrote to memory of 868	5104	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	80
PID 5104 wrote to memory of 868	5104	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	80
PID 5104 wrote to memory of 868	5104	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	80
PID 868 wrote to memory of 396	868	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	82
PID 868 wrote to memory of 396	868	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	82
PID 868 wrote to memory of 816	868	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	81
PID 868 wrote to memory of 816	868	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	81
PID 868 wrote to memory of 816	868	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	81
PID 868 wrote to memory of 816	868	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	81
PID 868 wrote to memory of 816	868	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	81
PID 868 wrote to memory of 816	868	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	81
PID 816 wrote to memory of 3856	816	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	84
PID 816 wrote to memory of 3856	816	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	84
PID 816 wrote to memory of 4120	816	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	83
PID 816 wrote to memory of 4120	816	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	83
PID 816 wrote to memory of 4120	816	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	83
PID 816 wrote to memory of 4120	816	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	83
PID 816 wrote to memory of 4120	816	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	83
PID 816 wrote to memory of 4120	816	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	83
PID 4120 wrote to memory of 4376	4120	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	85
PID 4120 wrote to memory of 4376	4120	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	85
PID 4120 wrote to memory of 4920	4120	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	86
PID 4120 wrote to memory of 4920	4120	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	86
PID 4120 wrote to memory of 4920	4120	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	86
PID 4120 wrote to memory of 4920	4120	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	86
PID 4120 wrote to memory of 4920	4120	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	86
PID 4120 wrote to memory of 4920	4120	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	86
PID 4920 wrote to memory of 4848	4920	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	87
PID 4920 wrote to memory of 4848	4920	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	87
PID 4920 wrote to memory of 4872	4920	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	88
PID 4920 wrote to memory of 4872	4920	84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe	88

C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
"C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
  C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
  2⤵
  PID:4832
- C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
  C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:868
- - C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
    C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
      C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
      4⤵
      Suspicious use of SetThreadContext
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
        
        C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
        
        C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
        5⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
        
        C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
        
        C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
        6⤵
        
        PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
      C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
      4⤵
      PID:3856
- - C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
    C:\Users\Admin\AppData\Local\Temp\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe
    3⤵
    PID:396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\84ee4ca1f1c1f2e48d9796af3ae7ee4b4adb723f1c7e8db33bed1a14fc2b1acf.exe.log

Filesize
224B

MD5
1e4f2a29e11dead55e61329942cd2b14

SHA1
4b3ec9b98797d2f734d67b47cc149546f21cf0af

SHA256
28bbb0da12bd69adc9df324c01392655b788115aba7466f02c23e1ba09f789d4

SHA512
2e28227d898486bfe1cea081df486464b214df50500786e30d6ee9e7d6391f3aacd2f1ed1d0eab60d518bbc79f20f32c226f00ffd70abfe9af45a746cb08416c

Download Submit
memory/816-137-0x00007FFC16930000-0x00007FFC17366000-memory.dmp

Filesize
10.2MB

Download
memory/868-134-0x00007FFC16930000-0x00007FFC17366000-memory.dmp

Filesize
10.2MB

Download
memory/4120-139-0x00007FFC16930000-0x00007FFC17366000-memory.dmp

Filesize
10.2MB

Download
memory/4920-141-0x00007FFC16930000-0x00007FFC17366000-memory.dmp

Filesize
10.2MB

Download
memory/5104-132-0x00007FFC16930000-0x00007FFC17366000-memory.dmp

Filesize
10.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads