af61d6c0d7d36d9b28a053d293a659856e8bcf398d1c9813dbf0eb6ad7197102

Analysis

max time kernel
190s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 11:02

Target

af61d6c0d7d36d9b28a053d293a659856e8bcf398d1c9813dbf0eb6ad7197102.exe
Size

459KB
MD5

12c26f36270d75f6c6f5459017a452ee
SHA1

1297187b96c2b364d7ff6f04c31d9f2efc65a84a
SHA256

af61d6c0d7d36d9b28a053d293a659856e8bcf398d1c9813dbf0eb6ad7197102
SHA512

58cdcdc8b6452868e1cc9dc007dea35c87f1b0ae55d5123ad4122a88606d936689f5f18a5bdd876927f215c78f1283aa1d6bb5e418becca6e834ab95a59f3787
SSDEEP

12288:QEJc3NtO7cP9wzlVVBnDrmOdxZzukO9VmBCB+:AtOAyzzvn+4kkyV+

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
240	xtjbsatzvegxca.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	240	xtjbsatzvegxca.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
240	xtjbsatzvegxca.exe
240	xtjbsatzvegxca.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 240	632	af61d6c0d7d36d9b28a053d293a659856e8bcf398d1c9813dbf0eb6ad7197102.exe	82
PID 632 wrote to memory of 240	632	af61d6c0d7d36d9b28a053d293a659856e8bcf398d1c9813dbf0eb6ad7197102.exe	82

C:\Users\Admin\AppData\Local\Temp\af61d6c0d7d36d9b28a053d293a659856e8bcf398d1c9813dbf0eb6ad7197102.exe
"C:\Users\Admin\AppData\Local\Temp\af61d6c0d7d36d9b28a053d293a659856e8bcf398d1c9813dbf0eb6ad7197102.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:632
- C:\Users\Admin\AppData\Local\Temp\dddslgczsldg\xtjbsatzvegxca.exe
  "C:\Users\Admin\AppData\Local\Temp\dddslgczsldg\xtjbsatzvegxca.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:240

C:\Users\Admin\AppData\Local\Temp\dddslgczsldg\parent.txt

Filesize
459KB

MD5
12c26f36270d75f6c6f5459017a452ee

SHA1
1297187b96c2b364d7ff6f04c31d9f2efc65a84a

SHA256
af61d6c0d7d36d9b28a053d293a659856e8bcf398d1c9813dbf0eb6ad7197102

SHA512
58cdcdc8b6452868e1cc9dc007dea35c87f1b0ae55d5123ad4122a88606d936689f5f18a5bdd876927f215c78f1283aa1d6bb5e418becca6e834ab95a59f3787

Download Submit
C:\Users\Admin\AppData\Local\Temp\dddslgczsldg\xtjbsatzvegxca.exe

Filesize
7KB

MD5
3b1d3da580167781b8c3e1d3d4e1d0a4

SHA1
7a85968bc68d12650c16d3a85a20b92a8a51fa23

SHA256
5f1e1653439acfbaba0e04c7464032ce7e3c42fffadba9ddb5ccc9441ec73114

SHA512
6e1a602a73eb1d16ea458b3af59951c6c390b972396f2a57ef4b544c4dbee125c8f083bd5f0af6531c575d79ef79f23fd94ff95d8dc9eeb3129c4bf3e198c86c

Download Submit
C:\Users\Admin\AppData\Local\Temp\dddslgczsldg\xtjbsatzvegxca.exe

Filesize
7KB

MD5
3b1d3da580167781b8c3e1d3d4e1d0a4

SHA1
7a85968bc68d12650c16d3a85a20b92a8a51fa23

SHA256
5f1e1653439acfbaba0e04c7464032ce7e3c42fffadba9ddb5ccc9441ec73114

SHA512
6e1a602a73eb1d16ea458b3af59951c6c390b972396f2a57ef4b544c4dbee125c8f083bd5f0af6531c575d79ef79f23fd94ff95d8dc9eeb3129c4bf3e198c86c

Download Submit
memory/240-135-0x000000001BC30000-0x000000001C666000-memory.dmp

Filesize
10.2MB

Download
memory/240-136-0x0000000000B3A000-0x0000000000B3F000-memory.dmp

Filesize
20KB

Download
memory/240-138-0x0000000000B3A000-0x0000000000B3F000-memory.dmp

Filesize
20KB

Download