007da5cb25a7ac030d0e3d0d82a1cd09a069bdb607b6f44ea8538c12ba048aae

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
09-12-2022 10:01

Target

2.exe
Size

1013KB
MD5

aeb84c66c380f458395b68d85f218220
SHA1

1ffa13296624fafa20a932854382384745520fc4
SHA256

007da5cb25a7ac030d0e3d0d82a1cd09a069bdb607b6f44ea8538c12ba048aae
SHA512

3d4d91e03163d2d526307b56211e760194e192ebae2b266133945243ffaf76a63330aab2d4563e863f88c1a474b7f8e190ca8bb7be3823c0034d274918b58c3c
SSDEEP

24576:eWfCE1Dg/WbBWVVl52uLAZwFWBfYn+2zmRwpFM:ev+8hVl52PZ6KY+2qRR

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

2.exe

pid process

1480 2.exe
1480 2.exe
1480 2.exe
1480 2.exe
1480 2.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

2.exe

description pid process

Token: SeDebugPrivilege 1480 2.exe

description	pid	process
Token: SeDebugPrivilege	1480	2.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

2.exe

description	pid	process	target process
PID 1480 wrote to memory of 1180	1480	2.exe	2.exe
PID 1480 wrote to memory of 1180	1480	2.exe	2.exe
PID 1480 wrote to memory of 1180	1480	2.exe	2.exe
PID 1480 wrote to memory of 1180	1480	2.exe	2.exe
PID 1480 wrote to memory of 1316	1480	2.exe	2.exe
PID 1480 wrote to memory of 1316	1480	2.exe	2.exe
PID 1480 wrote to memory of 1316	1480	2.exe	2.exe
PID 1480 wrote to memory of 1316	1480	2.exe	2.exe
PID 1480 wrote to memory of 1132	1480	2.exe	2.exe
PID 1480 wrote to memory of 1132	1480	2.exe	2.exe
PID 1480 wrote to memory of 1132	1480	2.exe	2.exe
PID 1480 wrote to memory of 1132	1480	2.exe	2.exe
PID 1480 wrote to memory of 572	1480	2.exe	2.exe
PID 1480 wrote to memory of 572	1480	2.exe	2.exe
PID 1480 wrote to memory of 572	1480	2.exe	2.exe
PID 1480 wrote to memory of 572	1480	2.exe	2.exe
PID 1480 wrote to memory of 1420	1480	2.exe	2.exe
PID 1480 wrote to memory of 1420	1480	2.exe	2.exe
PID 1480 wrote to memory of 1420	1480	2.exe	2.exe
PID 1480 wrote to memory of 1420	1480	2.exe	2.exe

C:\Users\Admin\AppData\Local\Temp\2.exe
"C:\Users\Admin\AppData\Local\Temp\2.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Users\Admin\AppData\Local\Temp\2.exe
  "C:\Users\Admin\AppData\Local\Temp\2.exe"
  2⤵
  PID:1180
- C:\Users\Admin\AppData\Local\Temp\2.exe
  "C:\Users\Admin\AppData\Local\Temp\2.exe"
  2⤵
  PID:1316
- C:\Users\Admin\AppData\Local\Temp\2.exe
  "C:\Users\Admin\AppData\Local\Temp\2.exe"
  2⤵
  PID:1132
- C:\Users\Admin\AppData\Local\Temp\2.exe
  "C:\Users\Admin\AppData\Local\Temp\2.exe"
  2⤵
  PID:572
- C:\Users\Admin\AppData\Local\Temp\2.exe
  "C:\Users\Admin\AppData\Local\Temp\2.exe"
  2⤵
  PID:1420

memory/1480-54-0x00000000003F0000-0x00000000004F4000-memory.dmp

Filesize
1.0MB

Download
memory/1480-55-0x00000000758B1000-0x00000000758B3000-memory.dmp

Filesize
8KB

Download
memory/1480-56-0x0000000000510000-0x000000000052A000-memory.dmp

Filesize
104KB

Download
memory/1480-57-0x0000000000530000-0x000000000053E000-memory.dmp

Filesize
56KB

Download
memory/1480-58-0x0000000007FD0000-0x0000000008088000-memory.dmp

Filesize
736KB

Download
memory/1480-59-0x0000000004D40000-0x0000000004DBE000-memory.dmp

Filesize
504KB

Download