Analysis
max time kernel
55s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags
arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted
18-01-2023 05:20
Behavioral task
behavioral1
Sample
npp.8.4.8.Installer.x64.exe
Resource
win7-20221111-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
npp.8.4.8.Installer.x64.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
2 signatures
150 seconds
General
Target
npp.8.4.8.Installer.x64.exe
Size
4.4MB
MD5
c0a7843660c41c0da01a91298f426c03
SHA1
e94077a65ba887fd97d8824245bfdbfa914b464e
SHA256
6c365c86aa823b55235be2d7f139160bfe994a33b2d34b73de239b24bbde7391
SHA512
c97c0712555476c8f0e0d39c5f52d36d8937c504f06f5ef5e9ec54fb98f3c61db910fefe5ab4c27d1c91c9c9e7688cd376b841c510090064fa563f412eeb91b9
SSDEEP
49152:mj8saMWbZtUB8hSjRNTpGktKDJ3Ma1+Mf/bEA88pqhazt8JUtAl02F19NtvZk2:mosaxbZtJEj4rEAkJUcNdZr
Score
1/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken 42 IoCs
Processes: wmic.exe
description pid process
Token: SeIncreaseQuotaPrivilege 4784 wmic.exe
Token: SeSecurityPrivilege 4784 wmic.exe
Token: SeTakeOwnershipPrivilege 4784 wmic.exe
Token: SeLoadDriverPrivilege 4784 wmic.exe
Token: SeSystemProfilePrivilege 4784 wmic.exe
Token: SeSystemtimePrivilege 4784 wmic.exe
Token: SeProfSingleProcessPrivilege 4784 wmic.exe
Token: SeIncBasePriorityPrivilege 4784 wmic.exe
Token: SeCreatePagefilePrivilege 4784 wmic.exe
Token: SeBackupPrivilege 4784 wmic.exe
Token: SeRestorePrivilege 4784 wmic.exe
Token: SeShutdownPrivilege 4784 wmic.exe
Token: SeDebugPrivilege 4784 wmic.exe
Token: SeSystemEnvironmentPrivilege 4784 wmic.exe
Token: SeRemoteShutdownPrivilege 4784 wmic.exe
Token: SeUndockPrivilege 4784 wmic.exe
Token: SeManageVolumePrivilege 4784 wmic.exe
Token: 33 4784 wmic.exe
Token: 34 4784 wmic.exe
Token: 35 4784 wmic.exe
Token: 36 4784 wmic.exe
(The same 21 entries, in the same order, are reported a second time, which is where the count of 42 IoCs comes from.)
Note: every entry belongs to the wmic.exe child (PID 4784), not to the installer process itself. The bare numbers are privilege LUIDs the sandbox did not resolve to names; per winnt.h, 33 is SeIncreaseWorkingSetPrivilege, 34 is SeTimeZonePrivilege, 35 is SeCreateSymbolicLinkPrivilege and 36 is SeDelegateSessionUserImpersonatePrivilege. The 21 privileges are listed in ascending LUID order and are exactly the set an elevated administrator token holds but leaves disabled by default (SeChangeNotify, SeImpersonate and SeCreateGlobal, which are enabled by default, are absent), so this is a blanket enable of everything already in the token rather than a targeted grab of SeDebugPrivilege, which is consistent with the 1/10 score.
Suspicious use of WriteProcessMemory 3 IoCs
Processes: npp.8.4.8.Installer.x64.exe
description pid process target process
PID 3952 wrote to memory of 4784 3952 npp.8.4.8.Installer.x64.exe wmic.exe
PID 3952 wrote to memory of 4784 3952 npp.8.4.8.Installer.x64.exe wmic.exe
PID 3952 wrote to memory of 4784 3952 npp.8.4.8.Installer.x64.exe wmic.exe
Note: all three writes go from the installer (PID 3952) into wmic.exe (PID 4784), the same process that adjusted its token in the signature above. A process writing into the address space of a child it has just launched is what ordinary process creation looks like to a WriteProcessMemory hook, so read this signature together with the process tree; it is consistent with the installer spawning wmic.exe, not with injection into an unrelated process.
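Both signature blocks above arrive as a single run-together line, which makes it easy to mistake 42 IoCs for 42 distinct privileges or to miss that the WriteProcessMemory target is the token-adjusting child. The following is an added triage helper, not part of the sandbox report or of Notepad++: it parses the two flattened signature lines into per-PID records, resolves the bare LUIDs with the SE_*_PRIVILEGE values from winnt.h, and cross-references the write targets against the token adjusters. The sample inputs are reconstructed from the two signature blocks above, and the classification thresholds (15 privileges, the SENSITIVE set) are this example's own assumptions, not a rule the sandbox applies.

```python
import re
from collections import defaultdict

# Privilege LUIDs the sandbox left unresolved, per winnt.h SE_*_PRIVILEGE constants.
WINNT_PRIVILEGE_LUIDS = {
    33: "SeIncreaseWorkingSetPrivilege",
    34: "SeTimeZonePrivilege",
    35: "SeCreateSymbolicLinkPrivilege",
    36: "SeDelegateSessionUserImpersonatePrivilege",
}

# Privileges worth a second look when enabled selectively (assumption for this example).
SENSITIVE = {"SeDebugPrivilege", "SeLoadDriverPrivilege", "SeTcbPrivilege",
             "SeBackupPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege"}

# Constructed sample input: the 21 entries reported for wmic.exe (PID 4784) above,
# in report order, repeated twice exactly as the report does (42 IoCs).
_ONE_PASS = " ".join(
    f"Token: {p} 4784 wmic.exe" for p in [
        "SeIncreaseQuotaPrivilege", "SeSecurityPrivilege", "SeTakeOwnershipPrivilege",
        "SeLoadDriverPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
        "SeProfSingleProcessPrivilege", "SeIncBasePriorityPrivilege", "SeCreatePagefilePrivilege",
        "SeBackupPrivilege", "SeRestorePrivilege", "SeShutdownPrivilege", "SeDebugPrivilege",
        "SeSystemEnvironmentPrivilege", "SeRemoteShutdownPrivilege", "SeUndockPrivilege",
        "SeManageVolumePrivilege", "33", "34", "35", "36",
    ]
)
ADJUST_PRIV_TEXT = "wmic.exedescription pid process " + _ONE_PASS + " " + _ONE_PASS
WRITE_MEM_TEXT = (
    "npp.8.4.8.Installer.x64.exedescription pid process target process "
    "PID 3952 wrote to memory of 4784 3952 npp.8.4.8.Installer.x64.exe wmic.exe "
    "PID 3952 wrote to memory of 4784 3952 npp.8.4.8.Installer.x64.exe wmic.exe "
    "PID 3952 wrote to memory of 4784 3952 npp.8.4.8.Installer.x64.exe wmic.exe"
)

TOKEN_RE = re.compile(r"Token:\s+(\S+)\s+(\d+)\s+(\S+)")
# "PID <src> wrote to memory of <dst> <src again> <src name> <dst name>"
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")


def resolve_privilege(name: str) -> str:
    """Map a bare LUID number to its winnt.h privilege name; keep names as-is."""
    if name.isdigit():
        return WINNT_PRIVILEGE_LUIDS.get(int(name), f"LUID:{name}")
    return name


def parse_token_events(text: str):
    """One (privilege, pid, process) tuple per 'Token:' entry, LUIDs resolved."""
    return [(resolve_privilege(p), pid, proc) for p, pid, proc in TOKEN_RE.findall(text)]


def summarize_privileges(events):
    """Group entries by pid: process name, distinct privileges, raw entry count."""
    out = defaultdict(lambda: {"process": None, "distinct": set(), "entries": 0})
    for priv, pid, proc in events:
        rec = out[pid]
        rec["process"] = proc
        rec["distinct"].add(priv)
        rec["entries"] += 1
    return dict(out)


def classify(rec) -> str:
    """Heuristic label (this example's assumption, not a sandbox rule):
    'blanket-enable'      - essentially every privilege in the token was enabled,
                            including ones the sandbox could only show as LUIDs;
    'selective-sensitive' - a short list that still contains a high-value privilege;
    'ordinary'            - anything else."""
    d = rec["distinct"]
    if len(d) >= 15 and d & set(WINNT_PRIVILEGE_LUIDS.values()):
        return "blanket-enable"
    if len(d) < 15 and d & SENSITIVE:
        return "selective-sensitive"
    return "ordinary"


def parse_memory_writes(text: str):
    """One dict per 'wrote to memory of' entry."""
    return [{"src_pid": s, "dst_pid": d, "src": sp, "dst": dp}
            for s, d, sp, dp in WRITE_RE.findall(text)]


def writes_into_token_adjusters(writes, summary):
    """PIDs that were written to and also adjusted their own token. A match means
    the write target is the launched child, which is how process creation appears
    to a WriteProcessMemory hook (inference from the pids and names, not a sandbox fact)."""
    return sorted({w["dst_pid"] for w in writes if w["dst_pid"] in summary})


if __name__ == "__main__":
    summary = summarize_privileges(parse_token_events(ADJUST_PRIV_TEXT))
    for pid, rec in summary.items():
        print(pid, rec["process"], rec["entries"], "entries,",
              len(rec["distinct"]), "distinct ->", classify(rec))
    print("written-to pids that also adjusted tokens:",
          writes_into_token_adjusters(parse_memory_writes(WRITE_MEM_TEXT), summary))
```

Run against the reconstructed input, the helper reports a single PID 4784 (wmic.exe) with 42 entries but 21 distinct privileges, labels it blanket-enable, and shows that the only WriteProcessMemory target is that same PID. Point the two regexes at the raw signature text of another report to reuse it; a process with a short list containing SeDebugPrivilege would instead come back as selective-sensitive.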