e5b1ad09aa2d29a063a74b8c328410faa44d63965c150fc4d31ae7d52accb4db

Analysis

max time kernel
90s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 14:17

Target

e5b1ad09aa2d29a063a74b8c328410faa44d63965c150fc4d31ae7d52accb4db.exe
Size

445KB
MD5

994985f5568f7ec753de47f3b021e3d3
SHA1

0f68752690ca6441f4b3a606ff601379fbd38eb8
SHA256

e5b1ad09aa2d29a063a74b8c328410faa44d63965c150fc4d31ae7d52accb4db
SHA512

ed045fa77d69d81372bb72365a9d242d47a30fa2b9e68a826ee6547d93f0652573ce3cd77fe894e26f8689b0f5a315c3f296a37a499c2be3a2833c4c2861ac21
SSDEEP

12288:UV5qLYvMcwTBq3WULk9cJP3LR2nwlRfODYQ:AqW0TBq3jvLR2wrODYQ

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
3940	bs_server.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	\??\c:\windows\syem32\drives\revres_sb.dll	bs_server.exe
File created	\??\c:\windows\syem32\drives\bs_server.exe	cmd.exe
File opened for modification	\??\c:\windows\syem32\drives\bs_server.exe	cmd.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 428 wrote to memory of 2444	428	e5b1ad09aa2d29a063a74b8c328410faa44d63965c150fc4d31ae7d52accb4db.exe	80
PID 428 wrote to memory of 2444	428	e5b1ad09aa2d29a063a74b8c328410faa44d63965c150fc4d31ae7d52accb4db.exe	80
PID 428 wrote to memory of 2444	428	e5b1ad09aa2d29a063a74b8c328410faa44d63965c150fc4d31ae7d52accb4db.exe	80
PID 3940 wrote to memory of 1680	3940	bs_server.exe	57
PID 3940 wrote to memory of 1076	3940	bs_server.exe	43
PID 3940 wrote to memory of 612	3940	bs_server.exe	3
PID 428 wrote to memory of 1780	428	e5b1ad09aa2d29a063a74b8c328410faa44d63965c150fc4d31ae7d52accb4db.exe	83
PID 428 wrote to memory of 1780	428	e5b1ad09aa2d29a063a74b8c328410faa44d63965c150fc4d31ae7d52accb4db.exe	83
PID 428 wrote to memory of 1780	428	e5b1ad09aa2d29a063a74b8c328410faa44d63965c150fc4d31ae7d52accb4db.exe	83

C:\Windows\syem32\drives\bs_server.exe

Filesize
445KB

MD5
994985f5568f7ec753de47f3b021e3d3

SHA1
0f68752690ca6441f4b3a606ff601379fbd38eb8

SHA256
e5b1ad09aa2d29a063a74b8c328410faa44d63965c150fc4d31ae7d52accb4db

SHA512
ed045fa77d69d81372bb72365a9d242d47a30fa2b9e68a826ee6547d93f0652573ce3cd77fe894e26f8689b0f5a315c3f296a37a499c2be3a2833c4c2861ac21

Download Submit
\??\c:\del.bat

Filesize
248B

MD5
a281b9ad2245d4e7fc2cd68d0b71491a

SHA1
9f2a1b1adbaa803e0fe63da797ba0bbcdf99f8db

SHA256
9fd7970e41ed34ee6e1b87a984bd4a1a7309f29f852f853223478731d9120ffe

SHA512
ab52612b8b42e6d7e7b0c977e477deac93f821d32a89793af23c5e0ffcdf0c0a2bbe0968103f20d21b58561fcdc2fa91aa443c20d1a9feca845ba173f79e945e

Download Submit
\??\c:\tem.bat

Filesize
160B

MD5
d7fd42541f66a27787984f9621c1e4fd

SHA1
848876966a37b1b0e692b6a5e6ca00aad77c3dca

SHA256
0f48ebae4e6bdeb36a61c8701b508abfd5d05b7cbf58d1772387a69c41397952

SHA512
3365f9db7a37b6daa2394467e9c2521a3a52b2dee13cf981a87fb8967f96e96ad4cfeb14c191a7b1e7899b558e41a6eee176fe6f9257a15cd8f74286531b55ff

Download Submit
\??\c:\windows\syem32\drives\bs_server.exe

Filesize
445KB

MD5
994985f5568f7ec753de47f3b021e3d3

SHA1
0f68752690ca6441f4b3a606ff601379fbd38eb8

SHA256
e5b1ad09aa2d29a063a74b8c328410faa44d63965c150fc4d31ae7d52accb4db

SHA512
ed045fa77d69d81372bb72365a9d242d47a30fa2b9e68a826ee6547d93f0652573ce3cd77fe894e26f8689b0f5a315c3f296a37a499c2be3a2833c4c2861ac21

Download Submit