a6bdc7d25ae942d15182d26e449c329340db53470a079647d3b6ddb06b7e28d5

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-02-2023 12:55

Target

file.exe
Size

3.3MB
MD5

2a0c96488c0bf6d685ffe058c1ebb06d
SHA1

9f1cfa7df0680a3b65a192ee8039465d129b62b7
SHA256

a6bdc7d25ae942d15182d26e449c329340db53470a079647d3b6ddb06b7e28d5
SHA512

072ce92f37756cc44d6bbc029446f40d451b5dff8fd188688185c7f405453d703b1c0654adb6ce4f1bb39a12e24450736925041f063df0d9b08e0fe72b280e5d
SSDEEP

24576:EAzFN9Z2XBQFio7Q0sE93KBLPdA6sU1rdUEHbR2XSQXuCRP7+jNJCRZgC/LUa9kJ:EA36kio7Q0sENKHi4wkhlKYQkjRj

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

file.exe

pid process

1992 file.exe
1992 file.exe
1992 file.exe
1992 file.exe
1992 file.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

file.exe

description pid process

Token: SeDebugPrivilege 1992 file.exe

description	pid	process
Token: SeDebugPrivilege	1992	file.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

file.exe

description	pid	process	target process
PID 1992 wrote to memory of 1696	1992	file.exe	file.exe
PID 1992 wrote to memory of 1696	1992	file.exe	file.exe
PID 1992 wrote to memory of 1696	1992	file.exe	file.exe
PID 1992 wrote to memory of 1696	1992	file.exe	file.exe
PID 1992 wrote to memory of 1996	1992	file.exe	file.exe
PID 1992 wrote to memory of 1996	1992	file.exe	file.exe
PID 1992 wrote to memory of 1996	1992	file.exe	file.exe
PID 1992 wrote to memory of 1996	1992	file.exe	file.exe
PID 1992 wrote to memory of 1980	1992	file.exe	file.exe
PID 1992 wrote to memory of 1980	1992	file.exe	file.exe
PID 1992 wrote to memory of 1980	1992	file.exe	file.exe
PID 1992 wrote to memory of 1980	1992	file.exe	file.exe
PID 1992 wrote to memory of 548	1992	file.exe	file.exe
PID 1992 wrote to memory of 548	1992	file.exe	file.exe
PID 1992 wrote to memory of 548	1992	file.exe	file.exe
PID 1992 wrote to memory of 548	1992	file.exe	file.exe
PID 1992 wrote to memory of 1808	1992	file.exe	file.exe
PID 1992 wrote to memory of 1808	1992	file.exe	file.exe
PID 1992 wrote to memory of 1808	1992	file.exe	file.exe
PID 1992 wrote to memory of 1808	1992	file.exe	file.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
2⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
2⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
2⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
2⤵
PID:548

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
2⤵
PID:1808

memory/1992-54-0x0000000000120000-0x0000000000476000-memory.dmp

Filesize
3.3MB

Download
memory/1992-55-0x0000000000820000-0x0000000000832000-memory.dmp

Filesize
72KB

Download
memory/1992-56-0x0000000000910000-0x0000000000918000-memory.dmp

Filesize
32KB

Download