720614193688cf94613571b789571ca3a361dcb65abc0ea74db7a809a0907a05

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 13:41

Target

720614193688cf94613571b789571ca3a361dcb65abc0ea74db7a809a0907a05.exe
Size

831KB
MD5

e953ff4f8ff763769d721e54ee2058d3
SHA1

6ecb5163c55acd5cebfd070ad500e2696e1a4416
SHA256

720614193688cf94613571b789571ca3a361dcb65abc0ea74db7a809a0907a05
SHA512

edadb65e8f37837065392e7c9b0a9742a6011f36723a84010f7353eada7551589ee839c3a0b8520d4113aef5c77bd28c37cbd6978dfcbfd5bacef6a6a90ebe6d
SSDEEP

12288:wnpaODJZfcaxqAiRkjiGCF6po3//GSYZxfO/dW1oYYRViU8yMmAlN2oc85SAX:wjqAiGj1CF6pod/BY+yyfeXcATX

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
848	~GM1259.exe

Loads dropped DLL 1 IoCs

pid	Process
1504	720614193688cf94613571b789571ca3a361dcb65abc0ea74db7a809a0907a05.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1504	720614193688cf94613571b789571ca3a361dcb65abc0ea74db7a809a0907a05.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 848	1504	720614193688cf94613571b789571ca3a361dcb65abc0ea74db7a809a0907a05.exe	27
PID 1504 wrote to memory of 848	1504	720614193688cf94613571b789571ca3a361dcb65abc0ea74db7a809a0907a05.exe	27
PID 1504 wrote to memory of 848	1504	720614193688cf94613571b789571ca3a361dcb65abc0ea74db7a809a0907a05.exe	27
PID 1504 wrote to memory of 848	1504	720614193688cf94613571b789571ca3a361dcb65abc0ea74db7a809a0907a05.exe	27

C:\Users\Admin\AppData\Local\Temp\720614193688cf94613571b789571ca3a361dcb65abc0ea74db7a809a0907a05.exe
"C:\Users\Admin\AppData\Local\Temp\720614193688cf94613571b789571ca3a361dcb65abc0ea74db7a809a0907a05.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Users\Admin\AppData\Local\Temp\~GM1259.exe
  "C:\Users\Admin\AppData\Local\Temp\~GM1259.exe"
  2⤵
  - Executes dropped EXE
  PID:848

C:\Users\Admin\AppData\Local\Temp\~GM1259.exe

Filesize
523KB

MD5
c279e8d9165876fc9204367d4ca56345

SHA1
d54b01ea6c00c8b0210b83aa7bd808078f8298a3

SHA256
dde7278d15a104a6028e623d0ae9bd1e0070ce8ba26d3e6b15269191e5ea4a0a

SHA512
b9597a45e17c8fc3917966906c8b7c5e42384fd40cb10e06c95dbb75a01653ccdb6ad911cf971e8960c30582daafe8f8c721467dd42a110f8ea7c34f803ea832

Download Submit
\Users\Admin\AppData\Local\Temp\~GM1259.exe

Filesize
523KB

MD5
c279e8d9165876fc9204367d4ca56345

SHA1
d54b01ea6c00c8b0210b83aa7bd808078f8298a3

SHA256
dde7278d15a104a6028e623d0ae9bd1e0070ce8ba26d3e6b15269191e5ea4a0a

SHA512
b9597a45e17c8fc3917966906c8b7c5e42384fd40cb10e06c95dbb75a01653ccdb6ad911cf971e8960c30582daafe8f8c721467dd42a110f8ea7c34f803ea832

Download Submit
memory/848-60-0x0000000000400000-0x000000000060A000-memory.dmp

Filesize
2.0MB

Download
memory/1504-54-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download
memory/1504-59-0x0000000000D10000-0x0000000000F1A000-memory.dmp

Filesize
2.0MB

Download