cdee68b70f34df596e447d686309f1eab16cba8cbfb281cff076fe434e92873d

Analysis

max time kernel
42s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
10-01-2023 21:11

Target

tmp.exe
Size

773KB
MD5

fca935bde375b17d37077ac03802f2ba
SHA1

54e5b8bdb6e58122352d0fd3f0ad685c9c2ff9da
SHA256

cdee68b70f34df596e447d686309f1eab16cba8cbfb281cff076fe434e92873d
SHA512

b6a5eeedc30e906b720e74bf1af9d1532c89cb0162a473551712136cb67403654c42fa6f590eafaa865e1b61669e4ff9c00b15b2e22482c38f0014f165c524b5
SSDEEP

24576:zgh/Ss5nyyx+NxEyazc9lF/2B5gbfVO+t4d+u:Mh/Ss5nyC+Nqyaz2eBKIq4

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	956	tmp.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 576	956	tmp.exe	28
PID 956 wrote to memory of 576	956	tmp.exe	28
PID 956 wrote to memory of 576	956	tmp.exe	28
PID 956 wrote to memory of 576	956	tmp.exe	28
PID 956 wrote to memory of 636	956	tmp.exe	29
PID 956 wrote to memory of 636	956	tmp.exe	29
PID 956 wrote to memory of 636	956	tmp.exe	29
PID 956 wrote to memory of 636	956	tmp.exe	29
PID 956 wrote to memory of 1508	956	tmp.exe	30
PID 956 wrote to memory of 1508	956	tmp.exe	30
PID 956 wrote to memory of 1508	956	tmp.exe	30
PID 956 wrote to memory of 1508	956	tmp.exe	30
PID 956 wrote to memory of 896	956	tmp.exe	31
PID 956 wrote to memory of 896	956	tmp.exe	31
PID 956 wrote to memory of 896	956	tmp.exe	31
PID 956 wrote to memory of 896	956	tmp.exe	31
PID 956 wrote to memory of 524	956	tmp.exe	32
PID 956 wrote to memory of 524	956	tmp.exe	32
PID 956 wrote to memory of 524	956	tmp.exe	32
PID 956 wrote to memory of 524	956	tmp.exe	32

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:956
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  2⤵
  PID:576
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  2⤵
  PID:636
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  2⤵
  PID:1508
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  2⤵
  PID:896
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  2⤵
  PID:524

memory/956-54-0x0000000000260000-0x0000000000328000-memory.dmp

Filesize
800KB

Download
memory/956-55-0x0000000075891000-0x0000000075893000-memory.dmp

Filesize
8KB

Download
memory/956-56-0x0000000000450000-0x0000000000466000-memory.dmp

Filesize
88KB

Download
memory/956-57-0x0000000000480000-0x000000000048A000-memory.dmp

Filesize
40KB

Download
memory/956-58-0x0000000004880000-0x00000000048DC000-memory.dmp

Filesize
368KB

Download
memory/956-59-0x00000000006F0000-0x0000000000712000-memory.dmp

Filesize
136KB

Download