4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe
Size

96KB
MD5

2ca52f3cc07363063db01a026b273a80
SHA1

a8428bf7a28e6c8daad18d4604c22ad4fe4eedf2
SHA256

4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779
SHA512

d9efc481fd07fc7bed353dfdb472b5ed06a64a64f60263380bc66ff5cfcbb8a16bbab0fec12e825e4d6d5765ba8be0f73ded53bf338cf85615c29e920502d700
SSDEEP

1536:r1/F8CpxMCAgF9DLi+DOGL2NJJhVHYb9:JH2+DOGKJvs9

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe

description	pid	process	target process
PID 1584 set thread context of 1948	1584	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe

description pid process

Token: SeDebugPrivilege 1584 4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe

description	pid	process
Token: SeDebugPrivilege	1584	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe

description	pid	process	target process
PID 1584 wrote to memory of 1948	1584	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe
PID 1584 wrote to memory of 1948	1584	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe
PID 1584 wrote to memory of 1948	1584	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe
PID 1584 wrote to memory of 1948	1584	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe
PID 1584 wrote to memory of 1948	1584	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe
PID 1584 wrote to memory of 1948	1584	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe
PID 1584 wrote to memory of 1948	1584	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe
PID 1584 wrote to memory of 1948	1584	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe
PID 1584 wrote to memory of 1948	1584	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe	4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe

C:\Users\Admin\AppData\Local\Temp\4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe
"C:\Users\Admin\AppData\Local\Temp\4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1584

C:\Users\Admin\AppData\Local\Temp\4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe
C:\Users\Admin\AppData\Local\Temp\4c9712069db7e8568caed8023e3742676cc7aecda48ac6f2422ad6fefdd8c779.exe
2⤵
PID:1948

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1584-54-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download
memory/1584-55-0x0000000074300000-0x00000000748AB000-memory.dmp

Filesize
5.7MB

Download
memory/1584-58-0x0000000074300000-0x00000000748AB000-memory.dmp

Filesize
5.7MB

Download
memory/1948-57-0x0000000000408B0E-mapping.dmp

Download