7e1f215877d458883e98c874ce1226b561f0ddd5114dad6baef44d66d33a98a6

Analysis

max time kernel
236s
max time network
333s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
10-12-2022 09:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f53b20635e357caab65fc28f8a3667a.exe
Size

948KB
MD5

7f53b20635e357caab65fc28f8a3667a
SHA1

62f910bf47b40a1c9bc578e71ce57aaa3dccd06c
SHA256

7e1f215877d458883e98c874ce1226b561f0ddd5114dad6baef44d66d33a98a6
SHA512

0f55a2fcb97c856bf11f66c3b5bdb77e213e296987886507f4b18e4bc4c53f175b217a2318231a5db60891c43392578610e8d7cea570e0083b07e3053fbb5ff7
SSDEEP

12288:Y2SxFBoGPtdUAyeiHuc+6eiK+6Os0a980pY+ZmBjHUk+qxK3o3:JSzBXl9PiHuFpiK+6Os0U8shZmBHO

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

7f53b20635e357caab65fc28f8a3667a.exe

pid	process
1520	7f53b20635e357caab65fc28f8a3667a.exe
1520	7f53b20635e357caab65fc28f8a3667a.exe
1520	7f53b20635e357caab65fc28f8a3667a.exe
1520	7f53b20635e357caab65fc28f8a3667a.exe
1520	7f53b20635e357caab65fc28f8a3667a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

7f53b20635e357caab65fc28f8a3667a.exe

description pid process

Token: SeDebugPrivilege 1520 7f53b20635e357caab65fc28f8a3667a.exe

description	pid	process
Token: SeDebugPrivilege	1520	7f53b20635e357caab65fc28f8a3667a.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

7f53b20635e357caab65fc28f8a3667a.exe

C:\Users\Admin\AppData\Local\Temp\7f53b20635e357caab65fc28f8a3667a.exe
"C:\Users\Admin\AppData\Local\Temp\7f53b20635e357caab65fc28f8a3667a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1520

C:\Users\Admin\AppData\Local\Temp\7f53b20635e357caab65fc28f8a3667a.exe
"C:\Users\Admin\AppData\Local\Temp\7f53b20635e357caab65fc28f8a3667a.exe"
2⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\7f53b20635e357caab65fc28f8a3667a.exe
"C:\Users\Admin\AppData\Local\Temp\7f53b20635e357caab65fc28f8a3667a.exe"
2⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\7f53b20635e357caab65fc28f8a3667a.exe
"C:\Users\Admin\AppData\Local\Temp\7f53b20635e357caab65fc28f8a3667a.exe"
2⤵
PID:1132

C:\Users\Admin\AppData\Local\Temp\7f53b20635e357caab65fc28f8a3667a.exe
"C:\Users\Admin\AppData\Local\Temp\7f53b20635e357caab65fc28f8a3667a.exe"
2⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\7f53b20635e357caab65fc28f8a3667a.exe
"C:\Users\Admin\AppData\Local\Temp\7f53b20635e357caab65fc28f8a3667a.exe"
2⤵
PID:1640

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1520-54-0x0000000000380000-0x0000000000472000-memory.dmp

Filesize
968KB

Download
memory/1520-55-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/1520-56-0x0000000000560000-0x0000000000582000-memory.dmp

Filesize
136KB

Download
memory/1520-57-0x0000000000580000-0x000000000058E000-memory.dmp

Filesize
56KB

Download
memory/1520-58-0x0000000005380000-0x00000000053F0000-memory.dmp

Filesize
448KB

Download
memory/1520-59-0x0000000000820000-0x0000000000854000-memory.dmp

Filesize
208KB

Download

description	pid	process	target process
PID 1520 wrote to memory of 1876	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1876	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1876	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1876	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1028	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1028	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1028	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1028	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1132	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1132	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1132	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1132	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1696	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1696	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1696	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1696	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1640	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1640	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1640	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe
PID 1520 wrote to memory of 1640	1520	7f53b20635e357caab65fc28f8a3667a.exe	7f53b20635e357caab65fc28f8a3667a.exe