02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05

Analysis

max time kernel
33s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe
Size

784KB
MD5

a3358ec5693882fb9da9a031fcf74f97
SHA1

c359edad98f3e3ee8c6133116e8c561f5ffe7aea
SHA256

02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05
SHA512

8a42711b2c82ff587a94be1b836073214b75779b05ab6c68576079f50b94dc9387b9854c633baec3583619d46e875ce0807fd08049e5d5523d906b07b2e02b33
SSDEEP

12288:NPprdT9bQ8dZpI0+64M++I8QX7BIXVpQWsNTADQjL9QWi8pVrc1NfpHsVfdc:nQ8Wht+IJXzTRjJQJ8phcO

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe
964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe
964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe
964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe
964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 2040	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	28
PID 964 wrote to memory of 2040	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	28
PID 964 wrote to memory of 2040	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	28
PID 964 wrote to memory of 2040	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	28
PID 964 wrote to memory of 1104	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	29
PID 964 wrote to memory of 1104	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	29
PID 964 wrote to memory of 1104	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	29
PID 964 wrote to memory of 1104	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	29
PID 964 wrote to memory of 1232	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	30
PID 964 wrote to memory of 1232	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	30
PID 964 wrote to memory of 1232	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	30
PID 964 wrote to memory of 1232	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	30
PID 964 wrote to memory of 1304	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	31
PID 964 wrote to memory of 1304	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	31
PID 964 wrote to memory of 1304	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	31
PID 964 wrote to memory of 1304	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	31
PID 964 wrote to memory of 1140	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	32
PID 964 wrote to memory of 1140	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	32
PID 964 wrote to memory of 1140	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	32
PID 964 wrote to memory of 1140	964	02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe	32

C:\Users\Admin\AppData\Local\Temp\02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe
"C:\Users\Admin\AppData\Local\Temp\02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:964
- C:\Users\Admin\AppData\Local\Temp\02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe
  "{path}"
  2⤵
  PID:2040
- C:\Users\Admin\AppData\Local\Temp\02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe
  "{path}"
  2⤵
  PID:1104
- C:\Users\Admin\AppData\Local\Temp\02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe
  "{path}"
  2⤵
  PID:1232
- C:\Users\Admin\AppData\Local\Temp\02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe
  "{path}"
  2⤵
  PID:1304
- C:\Users\Admin\AppData\Local\Temp\02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05.exe
  "{path}"
  2⤵
  PID:1140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-54-0x00000000003E0000-0x00000000004AA000-memory.dmp

Filesize
808KB

Download
memory/964-55-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download
memory/964-56-0x00000000003D0000-0x00000000003E2000-memory.dmp

Filesize
72KB

Download
memory/964-57-0x0000000004E70000-0x0000000004ED6000-memory.dmp

Filesize
408KB

Download
memory/964-58-0x00000000008E0000-0x00000000008F4000-memory.dmp

Filesize
80KB

Download