e3a27c3ad8688d37503d3cce23029ccaf3c66b795250f6149efbd715921dd09f

Resubmissions

25-01-2023 10:24

25-01-2023 09:16

max time kernel
63s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-01-2023 10:24

Target

7336f79a5f062008e1b29b842cd200f9.exe
Size

765KB
MD5

7336f79a5f062008e1b29b842cd200f9
SHA1

b46cbaaacbd0719f271f11c7623a39a7b325d7b3
SHA256

e3a27c3ad8688d37503d3cce23029ccaf3c66b795250f6149efbd715921dd09f
SHA512

8d265a418a4a7b668e73e1145fbb31ffa3f755d483172e3dd2a2d598cdbaa03d1c043dfb867af5a2eb0b19a961466a8adfe215c955fbb176be53df181ca77fa5
SSDEEP

12288:Mt4y1KMtEwcU3gZ+GQzjkATGds/2B4LwNkSVVLJc1E5UYY7BTOqm+6KV11Ipr:2f1K6AAgZbQzlGYs4LwnreYGIj+VVPq

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

7336f79a5f062008e1b29b842cd200f9.exe

description pid process target process

PID 1292 set thread context of 764 1292 7336f79a5f062008e1b29b842cd200f9.exe 7336f79a5f062008e1b29b842cd200f9.exe

description	pid	process	target process
PID 1292 set thread context of 764	1292	7336f79a5f062008e1b29b842cd200f9.exe	7336f79a5f062008e1b29b842cd200f9.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

7336f79a5f062008e1b29b842cd200f9.exe7336f79a5f062008e1b29b842cd200f9.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

7336f79a5f062008e1b29b842cd200f9.exe

description pid process

Token: SeDebugPrivilege 1292 7336f79a5f062008e1b29b842cd200f9.exe

description	pid	process
Token: SeDebugPrivilege	1292	7336f79a5f062008e1b29b842cd200f9.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

7336f79a5f062008e1b29b842cd200f9.exe

description	pid	process	target process
PID 1292 wrote to memory of 764	1292	7336f79a5f062008e1b29b842cd200f9.exe	7336f79a5f062008e1b29b842cd200f9.exe
PID 1292 wrote to memory of 764	1292	7336f79a5f062008e1b29b842cd200f9.exe	7336f79a5f062008e1b29b842cd200f9.exe
PID 1292 wrote to memory of 764	1292	7336f79a5f062008e1b29b842cd200f9.exe	7336f79a5f062008e1b29b842cd200f9.exe
PID 1292 wrote to memory of 764	1292	7336f79a5f062008e1b29b842cd200f9.exe	7336f79a5f062008e1b29b842cd200f9.exe
PID 1292 wrote to memory of 764	1292	7336f79a5f062008e1b29b842cd200f9.exe	7336f79a5f062008e1b29b842cd200f9.exe
PID 1292 wrote to memory of 764	1292	7336f79a5f062008e1b29b842cd200f9.exe	7336f79a5f062008e1b29b842cd200f9.exe
PID 1292 wrote to memory of 764	1292	7336f79a5f062008e1b29b842cd200f9.exe	7336f79a5f062008e1b29b842cd200f9.exe

C:\Users\Admin\AppData\Local\Temp\7336f79a5f062008e1b29b842cd200f9.exe
"C:\Users\Admin\AppData\Local\Temp\7336f79a5f062008e1b29b842cd200f9.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:764

memory/764-60-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/764-61-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/764-64-0x00000000004012E0-mapping.dmp

Download
memory/764-63-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/764-65-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/764-66-0x0000000000C90000-0x0000000000F93000-memory.dmp

Filesize
3.0MB

Download
memory/1292-54-0x0000000000900000-0x00000000009C6000-memory.dmp

Filesize
792KB

Download
memory/1292-55-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download
memory/1292-56-0x0000000000570000-0x0000000000580000-memory.dmp

Filesize
64KB

Download
memory/1292-57-0x0000000000840000-0x000000000084A000-memory.dmp

Filesize
40KB

Download
memory/1292-58-0x0000000004FA0000-0x0000000005010000-memory.dmp

Filesize
448KB

Download
memory/1292-59-0x0000000004180000-0x00000000041B4000-memory.dmp

Filesize
208KB

Download