cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda

Analysis

max time kernel
185s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 04:32

Target

cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
Size

198KB
MD5

7beffa3c2e4abbe6464f42d6903fe8a3
SHA1

8d9a9bf2671433d55288decd19e0d28a20b30edf
SHA256

cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda
SHA512

165ecfb6a773e76368fabb7fa5f057c29ec31eac15ee7e02b9b07637dfef3d8db2cdd5a5f3612a7a0fe87180b62e658c26bdc0c3384c059fd7ec4cc27af5ea7f
SSDEEP

3072:edDvAv5nRN47EX5gsJz6GZrBQg8DEll65FwGKbzKDwh/sE03juWvWDAvq:Yy+iz1tS4lYKbccUECyWvxvq

Score

7^/10

Unexpected DNS network traffic destination 2 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	83.133.123.20
Destination IP	83.133.123.20

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4320	cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
4320	cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
4320	cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
4320	cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
4320	cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
4320	cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2632	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4320	cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
Token: SeDebugPrivilege	4320	cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
Token: SeDebugPrivilege	4320	cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe

Suspicious use of WriteProcessMemory 1 IoCs

description	pid	Process	procid_target
PID 4320 wrote to memory of 2632	4320	cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe	70

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2632
- C:\Users\Admin\AppData\Local\Temp\cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe
  "C:\Users\Admin\AppData\Local\Temp\cf0177bf627b402d6b5c7d982c08b048b22b55a8188783081f4a184c85ab5cda.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4320

memory/4320-133-0x0000000000520000-0x0000000000562000-memory.dmp

Filesize
264KB

Download
memory/4320-132-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4320-134-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download