9e4a21031c25ac26d85803bd904c4f3ba2816648b7d264ff9d2b919fca499169

Analysis

max time kernel
124s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 05:37

Target

9e4a21031c25ac26d85803bd904c4f3ba2816648b7d264ff9d2b919fca499169.exe
Size

218KB
MD5

83a82a2522657fb6f48627e7b8ccb13a
SHA1

bef78c9433849c4b3052f8ad1b103d7fef9a4724
SHA256

9e4a21031c25ac26d85803bd904c4f3ba2816648b7d264ff9d2b919fca499169
SHA512

d8e82b483eeb8de9d9625096aec3bad317e3e02fc45540f35b9ecd794c7c3e997954472ccb0a0fb2867e94020fe60229033b84592f91b087fa7b4ce6d0f72d6d
SSDEEP

6144:TU9zKH8b4cWRB0Obi51CcCCGWFALoidMUc+:TI6cSaFvCC6LoidTc

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2012	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2532 set thread context of 2012	2532	9e4a21031c25ac26d85803bd904c4f3ba2816648b7d264ff9d2b919fca499169.exe	82

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2532	9e4a21031c25ac26d85803bd904c4f3ba2816648b7d264ff9d2b919fca499169.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2012	2532	9e4a21031c25ac26d85803bd904c4f3ba2816648b7d264ff9d2b919fca499169.exe	82
PID 2532 wrote to memory of 2012	2532	9e4a21031c25ac26d85803bd904c4f3ba2816648b7d264ff9d2b919fca499169.exe	82
PID 2532 wrote to memory of 2012	2532	9e4a21031c25ac26d85803bd904c4f3ba2816648b7d264ff9d2b919fca499169.exe	82
PID 2532 wrote to memory of 2012	2532	9e4a21031c25ac26d85803bd904c4f3ba2816648b7d264ff9d2b919fca499169.exe	82

C:\Users\Admin\AppData\Local\Temp\9e4a21031c25ac26d85803bd904c4f3ba2816648b7d264ff9d2b919fca499169.exe
"C:\Users\Admin\AppData\Local\Temp\9e4a21031c25ac26d85803bd904c4f3ba2816648b7d264ff9d2b919fca499169.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe"
  2⤵
  - Deletes itself
  PID:2012

memory/2532-132-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2532-133-0x0000000002210000-0x0000000002266000-memory.dmp

Filesize
344KB

Download
memory/2532-134-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2532-135-0x0000000002210000-0x0000000002266000-memory.dmp

Filesize
344KB

Download
memory/2532-137-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download