a4392c3be6ba337f370c0b2170bf46c6c65f0054304f355d40b0b7fffec718e4

Analysis

max time kernel
84s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 15:56

Target

hbuIgEcnzT30Uma.exe
Size

828KB
MD5

0e3d9093a78c09e35a878781b8324dce
SHA1

8edccec93f1f626b72794d41308dc019d79c361b
SHA256

a4392c3be6ba337f370c0b2170bf46c6c65f0054304f355d40b0b7fffec718e4
SHA512

cecdd4049457492d7c564d3180e9ad791f574291fb19575fdbc5ef1bac382492c99a215c2dd1a9ce5dbc1c1c90ed7bc3033988536b56d8198f45deddd7d6923b
SSDEEP

12288:JYCcinkg586aWHffUlllYUJ1Q0ydOML09Vjc4eEWBd9njk/:WCZnB5O8fUlQoyVWWVJ+

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

hbuIgEcnzT30Uma.exe

pid process

956 hbuIgEcnzT30Uma.exe
956 hbuIgEcnzT30Uma.exe
956 hbuIgEcnzT30Uma.exe
956 hbuIgEcnzT30Uma.exe
956 hbuIgEcnzT30Uma.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

hbuIgEcnzT30Uma.exe

description pid process

Token: SeDebugPrivilege 956 hbuIgEcnzT30Uma.exe

description	pid	process
Token: SeDebugPrivilege	956	hbuIgEcnzT30Uma.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

hbuIgEcnzT30Uma.exe

description	pid	process	target process
PID 956 wrote to memory of 1124	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 1124	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 1124	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 1124	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 560	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 560	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 560	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 560	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 1176	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 1176	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 1176	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 1176	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 1476	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 1476	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 1476	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 1476	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 900	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 900	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 900	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe
PID 956 wrote to memory of 900	956	hbuIgEcnzT30Uma.exe	hbuIgEcnzT30Uma.exe

C:\Users\Admin\AppData\Local\Temp\hbuIgEcnzT30Uma.exe
"C:\Users\Admin\AppData\Local\Temp\hbuIgEcnzT30Uma.exe"
2⤵
PID:1124

C:\Users\Admin\AppData\Local\Temp\hbuIgEcnzT30Uma.exe
"C:\Users\Admin\AppData\Local\Temp\hbuIgEcnzT30Uma.exe"
2⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\hbuIgEcnzT30Uma.exe
"C:\Users\Admin\AppData\Local\Temp\hbuIgEcnzT30Uma.exe"
2⤵
PID:1176

C:\Users\Admin\AppData\Local\Temp\hbuIgEcnzT30Uma.exe
"C:\Users\Admin\AppData\Local\Temp\hbuIgEcnzT30Uma.exe"
2⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\hbuIgEcnzT30Uma.exe
"C:\Users\Admin\AppData\Local\Temp\hbuIgEcnzT30Uma.exe"
2⤵
PID:900

memory/956-54-0x0000000000040000-0x0000000000116000-memory.dmp

Filesize
856KB

Download
memory/956-55-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download
memory/956-56-0x00000000005A0000-0x00000000005B6000-memory.dmp

Filesize
88KB

Download
memory/956-57-0x0000000000600000-0x000000000060E000-memory.dmp

Filesize
56KB

Download
memory/956-58-0x00000000050B0000-0x0000000005130000-memory.dmp

Filesize
512KB

Download
memory/956-59-0x0000000001EA0000-0x0000000001EE6000-memory.dmp

Filesize
280KB

Download