e8b1cc1db36f6dd29c489bbc3e644b5596d034403d0d5ba50bb3fbc7799742bc

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-02-2023 06:52

Target

chatgpt.exe
Size

524KB
MD5

cb82f71d474860c5d6c98946ae220614
SHA1

325eb103af33b126a5d1fea6f63b1b811022f20c
SHA256

e8b1cc1db36f6dd29c489bbc3e644b5596d034403d0d5ba50bb3fbc7799742bc
SHA512

0db6d49315653e1a83908f5de32abd109dbc8373c743282e48781102aa19c92cd7847c3efbb867ae5c302714504761bdc2103c3e3fc9690321557feafa4cd7dd
SSDEEP

6144:LYb3Yp1p/5R04X65ml66joPiMtTHt2erzXwixmkGLAIBch6dB7FWKkAl7zGihJYj:7p/5R0g6QwlJRGLAIBcosKn7S

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

912 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 912 powershell.exe

pid	process
912	powershell.exe

description	pid	process
Token: SeDebugPrivilege	912	powershell.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

chatgpt.exe

description	pid	process	target process
PID 1904 wrote to memory of 912	1904	chatgpt.exe	powershell.exe
PID 1904 wrote to memory of 912	1904	chatgpt.exe	powershell.exe
PID 1904 wrote to memory of 912	1904	chatgpt.exe	powershell.exe
PID 1904 wrote to memory of 912	1904	chatgpt.exe	powershell.exe

C:\Users\Admin\AppData\Local\Temp\chatgpt.exe
"C:\Users\Admin\AppData\Local\Temp\chatgpt.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1904

memory/912-56-0x0000000000000000-mapping.dmp

Download
memory/912-58-0x0000000073480000-0x0000000073A2B000-memory.dmp

Filesize
5.7MB

Download
memory/912-59-0x0000000073480000-0x0000000073A2B000-memory.dmp

Filesize
5.7MB

Download
memory/1904-54-0x0000000001070000-0x00000000010FA000-memory.dmp

Filesize
552KB

Download
memory/1904-55-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download