2e30619a9c0e6d353a6364fa8c2eed03ee10eaeb37999f084ff6c117b7e1a39d

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61ecedf033858c2312ca797dc967cfd8.exe
Size

644KB
MD5

61ecedf033858c2312ca797dc967cfd8
SHA1

a0879ec473b6a8449865f016dd03a84e5f985281
SHA256

2e30619a9c0e6d353a6364fa8c2eed03ee10eaeb37999f084ff6c117b7e1a39d
SHA512

6a4068d09184f885fd42ae6187ae3fc2e4ec4ffb4c566862bc3920d24fab3af64fa781f4a48734c300b4a4810245b58eaa274a5ea2ba94cf207d510ad641664a
SSDEEP

12288:7g1y5GMSe1yIhVFbnDuCB4karTf45PJrczthzmTUHLz9cjJJOdhwA:s1yEGVFbnWZXeJXTOz9cNDA

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

61ecedf033858c2312ca797dc967cfd8.exe

pid	process
1724	61ecedf033858c2312ca797dc967cfd8.exe
1724	61ecedf033858c2312ca797dc967cfd8.exe
1724	61ecedf033858c2312ca797dc967cfd8.exe
1724	61ecedf033858c2312ca797dc967cfd8.exe
1724	61ecedf033858c2312ca797dc967cfd8.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

61ecedf033858c2312ca797dc967cfd8.exe

description pid process

Token: SeDebugPrivilege 1724 61ecedf033858c2312ca797dc967cfd8.exe

description	pid	process
Token: SeDebugPrivilege	1724	61ecedf033858c2312ca797dc967cfd8.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

61ecedf033858c2312ca797dc967cfd8.exe

C:\Users\Admin\AppData\Local\Temp\61ecedf033858c2312ca797dc967cfd8.exe
"C:\Users\Admin\AppData\Local\Temp\61ecedf033858c2312ca797dc967cfd8.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1724

C:\Users\Admin\AppData\Local\Temp\61ecedf033858c2312ca797dc967cfd8.exe
"C:\Users\Admin\AppData\Local\Temp\61ecedf033858c2312ca797dc967cfd8.exe"
2⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\61ecedf033858c2312ca797dc967cfd8.exe
"C:\Users\Admin\AppData\Local\Temp\61ecedf033858c2312ca797dc967cfd8.exe"
2⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\61ecedf033858c2312ca797dc967cfd8.exe
"C:\Users\Admin\AppData\Local\Temp\61ecedf033858c2312ca797dc967cfd8.exe"
2⤵
PID:1072

C:\Users\Admin\AppData\Local\Temp\61ecedf033858c2312ca797dc967cfd8.exe
"C:\Users\Admin\AppData\Local\Temp\61ecedf033858c2312ca797dc967cfd8.exe"
2⤵
PID:584

C:\Users\Admin\AppData\Local\Temp\61ecedf033858c2312ca797dc967cfd8.exe
"C:\Users\Admin\AppData\Local\Temp\61ecedf033858c2312ca797dc967cfd8.exe"
2⤵
PID:684

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1724-54-0x00000000003F0000-0x0000000000498000-memory.dmp

Filesize
672KB

Download
memory/1724-55-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

Filesize
8KB

Download
memory/1724-56-0x0000000004E00000-0x0000000004EC0000-memory.dmp

Filesize
768KB

Download
memory/1724-57-0x00000000004C0000-0x00000000004DA000-memory.dmp

Filesize
104KB

Download
memory/1724-58-0x00000000004F0000-0x00000000004FE000-memory.dmp

Filesize
56KB

Download
memory/1724-59-0x0000000005ED0000-0x0000000005F52000-memory.dmp

Filesize
520KB

Download
memory/1724-60-0x00000000047D0000-0x0000000004818000-memory.dmp

Filesize
288KB

Download

description	pid	process	target process
PID 1724 wrote to memory of 880	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 880	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 880	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 880	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 1240	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 1240	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 1240	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 1240	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 1072	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 1072	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 1072	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 1072	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 584	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 584	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 584	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 584	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 684	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 684	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 684	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe
PID 1724 wrote to memory of 684	1724	61ecedf033858c2312ca797dc967cfd8.exe	61ecedf033858c2312ca797dc967cfd8.exe