0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55

Analysis

max time kernel
151s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20-12-2022 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
Size

1.5MB
MD5

37f861404f4973b8bc7027357bf68152
SHA1

53b646dd7cfd678f28e68b1dfb6cc55002346f5d
SHA256

0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55
SHA512

fd21e82a95a6c408f4ab76800696daf96bd2f67b2ac839337e287e5948c9a89e13597ef16e5e676b1fe8ddde500f647475bde0f50ed098eba2b13ad2920253a3
SSDEEP

24576:kVul9sFlhDoa98ZqG7nZR8ef4mSswuAWg1QBis0CB4UiGOVWQkEkTZziYf44C+aP:kVm92j/9a7f/MWt08irVkEkTZzDC0/

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
Token: SeIncBasePriorityPrivilege	1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
1544	0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe

C:\Users\Admin\AppData\Local\Temp\0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe
"C:\Users\Admin\AppData\Local\Temp\0ce6aa306d6416bf737f370c24ef9a6b74782e9c58a466086fd7a4c9fc90de55.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1544-54-0x0000000075681000-0x0000000075683000-memory.dmp

Filesize
8KB

Download
memory/1544-55-0x0000000000400000-0x00000000008E0000-memory.dmp

Filesize
4.9MB

Download
memory/1544-56-0x0000000000260000-0x0000000000263000-memory.dmp

Filesize
12KB

Download
memory/1544-57-0x0000000000400000-0x00000000008E0000-memory.dmp

Filesize
4.9MB

Download