afcbd91180b77f5ebdd32a99b3d8833caf8c1941585ab76c9cfc600a2af84056

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 07:25

Target

afcbd91180b77f5ebdd32a99b3d8833caf8c1941585ab76c9cfc600a2af84056.exe
Size

453KB
MD5

6f1d9db18893f2cfaee9bd59a0ae4fe3
SHA1

879a89d974814d2f4117d2d4798610a8d9a17193
SHA256

afcbd91180b77f5ebdd32a99b3d8833caf8c1941585ab76c9cfc600a2af84056
SHA512

d1d8aa4c56c5d11c9e1615480f0057a2e663a04d6de34f856b82854652093cfdc34daa752f5247da5a44502d4ebb6a9cfb64ea863db5b40211951bd9edb6f593
SSDEEP

6144:7vaqS4IR/kviXzd45seH6zdi69hxMwjPVl0x55TurrU41APIJgU6Xozwdab0BXlR:W/kviXzdcH6N9h/Vl45aPU4EEkdBbR

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
3328	iobwnedxjvdevl.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3328	iobwnedxjvdevl.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3328	iobwnedxjvdevl.exe
3328	iobwnedxjvdevl.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 3328	2484	afcbd91180b77f5ebdd32a99b3d8833caf8c1941585ab76c9cfc600a2af84056.exe	76
PID 2484 wrote to memory of 3328	2484	afcbd91180b77f5ebdd32a99b3d8833caf8c1941585ab76c9cfc600a2af84056.exe	76

C:\Users\Admin\AppData\Local\Temp\afcbd91180b77f5ebdd32a99b3d8833caf8c1941585ab76c9cfc600a2af84056.exe
"C:\Users\Admin\AppData\Local\Temp\afcbd91180b77f5ebdd32a99b3d8833caf8c1941585ab76c9cfc600a2af84056.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Users\Admin\AppData\Local\Temp\iobwnedxjvdevl.exe
  "C:\Users\Admin\AppData\Local\Temp\\iobwnedxjvdevl.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3328

C:\Users\Admin\AppData\Local\Temp\iobwnedxjvdevl.exe

Filesize
11KB

MD5
012c637753ac0d8a386081dfe410b909

SHA1
41fe035f1a2f8bc19ad18d24c1195b13935af362

SHA256
1c8c7c950c32bc85e83cf670781206eb67847e53a818fc761567033e6bcbea17

SHA512
ffe6c77e41e3e3872453cf48dcc73b8c1d232a65ad14d411b29f2224d8acfb7a665d2adc3668cabbc3a670a3f3ca3dc0b752fa18cd7b55d2fcd5fb5fb1721983

Download Submit
C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
453KB

MD5
6f1d9db18893f2cfaee9bd59a0ae4fe3

SHA1
879a89d974814d2f4117d2d4798610a8d9a17193

SHA256
afcbd91180b77f5ebdd32a99b3d8833caf8c1941585ab76c9cfc600a2af84056

SHA512
d1d8aa4c56c5d11c9e1615480f0057a2e663a04d6de34f856b82854652093cfdc34daa752f5247da5a44502d4ebb6a9cfb64ea863db5b40211951bd9edb6f593

Download Submit
memory/3328-134-0x00007FFF370B0000-0x00007FFF37AE6000-memory.dmp

Filesize
10.2MB

Download
memory/3328-136-0x000000000122A000-0x000000000122F000-memory.dmp

Filesize
20KB

Download
memory/3328-137-0x000000000122A000-0x000000000122F000-memory.dmp

Filesize
20KB

Download