b0c21e787b50b3c86a317c118f69aec1dfd9db4c67c3f852c1efe7bccd9561ff

Analysis

max time kernel
114s
max time network
151s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 20:09

Target

b0c21e787b50b3c86a317c118f69aec1dfd9db4c67c3f852c1efe7bccd9561ff.exe
Size

29KB
MD5

0a77509f81639fc9b808df71714a87ff
SHA1

a30911fdc69117b39e883ac7f8689e2c374e2b7f
SHA256

b0c21e787b50b3c86a317c118f69aec1dfd9db4c67c3f852c1efe7bccd9561ff
SHA512

303a3c4d1809f8a19e6125da15f3735f0ae9bcec89286283b8a3f33a45730e211b4f2afcc45f0c9223cf2b75fcc9e0fe2f24ef5a58bb5861f09850fbec8f9618
SSDEEP

768:37fIucapUAsfRuBZkm20BSHLHA874yQA0:sOpUAIqkmBbQ4yK

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1776-55-0x0000000010000000-0x000000001002B000-memory.dmp	upx
behavioral1/memory/1776-56-0x0000000010000000-0x000000001002B000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1776	b0c21e787b50b3c86a317c118f69aec1dfd9db4c67c3f852c1efe7bccd9561ff.exe
Token: SeShutdownPrivilege	1776	b0c21e787b50b3c86a317c118f69aec1dfd9db4c67c3f852c1efe7bccd9561ff.exe

C:\Users\Admin\AppData\Local\Temp\b0c21e787b50b3c86a317c118f69aec1dfd9db4c67c3f852c1efe7bccd9561ff.exe
"C:\Users\Admin\AppData\Local\Temp\b0c21e787b50b3c86a317c118f69aec1dfd9db4c67c3f852c1efe7bccd9561ff.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1776

memory/1776-54-0x0000000075521000-0x0000000075523000-memory.dmp

Filesize
8KB

Download
memory/1776-55-0x0000000010000000-0x000000001002B000-memory.dmp

Filesize
172KB

Download
memory/1776-56-0x0000000010000000-0x000000001002B000-memory.dmp

Filesize
172KB

Download