Analysis
-
max time kernel
152s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
05/12/2022, 07:14
Static task
static1
Behavioral task
behavioral1
Sample
4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe
Resource
win7-20221111-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe
-
Size
1.0MB
-
MD5
6128b453f7d80237c07a07fc76a37f67
-
SHA1
f0d30ec91253ba409417f8266fd531b10aa4f261
-
SHA256
4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17
-
SHA512
62db0a292ce817f32029b3bab241424d895ab931ec347aa660a6751b51ac52bce51fbb6c3671fc5eaf425c8314da5d6be618f939818af675625a957d70089cc4
-
SSDEEP
12288:1Go3uZnCIh2zhgDiGtAvKIawdYHHS/swEsqcBynhkzLEkROAgbRMN:9eZnPMgDiGR/wOyQs0nhSLEcOAgCN
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe -
Suspicious use of AdjustPrivilegeToken 56 IoCs
description pid Process Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: 33 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe Token: SeIncBasePriorityPrivilege 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe -
Suspicious use of FindShellTrayWindow 6 IoCs
pid Process 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe -
Suspicious use of SendNotifyMessage 6 IoCs
pid Process 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe 1628 4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe"C:\Users\Admin\AppData\Local\Temp\4bed1b3dd73c3e7a34b394c12fe0eacc92e1a77b1f758419a9087fde7512dd17.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1628