130a4a54a844e949bcc467e90fd705f966fc536f0ec71e74b6e784a6d2f1f579

Analysis

max time kernel
55s
max time network
182s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
10/03/2023, 03:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

130a4a54a844e949bcc467e90fd705f966fc536f0ec71e74b6e784a6d2f1f579.exe
Size

607KB
MD5

5ce9e94045006f90dc0fa07fdc831206
SHA1

702c73867c9b949a63b23a9505cc92e14652d0e0
SHA256

130a4a54a844e949bcc467e90fd705f966fc536f0ec71e74b6e784a6d2f1f579
SHA512

ca35a32125da9eefa38c89bf60ef4bd639bb89146194aa8ebf5dfaabc7594438564af4e237fae7c5df93bbd2f65ce43532c055d78435e02fd5279159352bab9a
SSDEEP

12288:kSEkZoqKzoDGNdq+OXCY2w0r2Hh0HvLvFSwt:kzkZeaQcDXCYH0AmPbFj

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4184	2304	WerFault.exe	65

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4532	powershell.exe
4532	powershell.exe
4532	powershell.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeDebugPrivilege	2304	130a4a54a844e949bcc467e90fd705f966fc536f0ec71e74b6e784a6d2f1f579.exe
Token: SeDebugPrivilege	4532	powershell.exe
Token: SeIncreaseQuotaPrivilege	4532	powershell.exe
Token: SeSecurityPrivilege	4532	powershell.exe
Token: SeTakeOwnershipPrivilege	4532	powershell.exe
Token: SeLoadDriverPrivilege	4532	powershell.exe
Token: SeSystemProfilePrivilege	4532	powershell.exe
Token: SeSystemtimePrivilege	4532	powershell.exe
Token: SeProfSingleProcessPrivilege	4532	powershell.exe
Token: SeIncBasePriorityPrivilege	4532	powershell.exe
Token: SeCreatePagefilePrivilege	4532	powershell.exe
Token: SeBackupPrivilege	4532	powershell.exe
Token: SeRestorePrivilege	4532	powershell.exe
Token: SeShutdownPrivilege	4532	powershell.exe
Token: SeDebugPrivilege	4532	powershell.exe
Token: SeSystemEnvironmentPrivilege	4532	powershell.exe
Token: SeRemoteShutdownPrivilege	4532	powershell.exe
Token: SeUndockPrivilege	4532	powershell.exe
Token: SeManageVolumePrivilege	4532	powershell.exe
Token: 33	4532	powershell.exe
Token: 34	4532	powershell.exe
Token: 35	4532	powershell.exe
Token: 36	4532	powershell.exe

C:\Users\Admin\AppData\Local\Temp\130a4a54a844e949bcc467e90fd705f966fc536f0ec71e74b6e784a6d2f1f579.exe
"C:\Users\Admin\AppData\Local\Temp\130a4a54a844e949bcc467e90fd705f966fc536f0ec71e74b6e784a6d2f1f579.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2304
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 1296
  2⤵
  - Program crash
  PID:4184

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAA==
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yqhbdzks.zno.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
memory/2304-160-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-138-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-119-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-120-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-122-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-124-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-126-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-128-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-130-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-132-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-134-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-136-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-116-0x0000000000A70000-0x0000000000B0E000-memory.dmp

Filesize
632KB

Download
memory/2304-140-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-142-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-144-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-146-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-148-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-150-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-152-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-154-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-156-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-118-0x0000000005320000-0x0000000005410000-memory.dmp

Filesize
960KB

Download
memory/2304-158-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-176-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-164-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-166-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-168-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-170-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-172-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-174-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-162-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-178-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-180-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-182-0x0000000005320000-0x000000000540B000-memory.dmp

Filesize
940KB

Download
memory/2304-1605-0x00000000054F0000-0x0000000005500000-memory.dmp

Filesize
64KB

Download
memory/2304-2396-0x0000000005410000-0x0000000005466000-memory.dmp

Filesize
344KB

Download
memory/2304-2397-0x0000000005470000-0x00000000054C4000-memory.dmp

Filesize
336KB

Download
memory/2304-2398-0x00000000056B0000-0x00000000056FC000-memory.dmp

Filesize
304KB

Download
memory/2304-2399-0x0000000005770000-0x00000000057D6000-memory.dmp

Filesize
408KB

Download
memory/2304-2400-0x0000000005CD0000-0x0000000005D24000-memory.dmp

Filesize
336KB

Download
memory/2304-117-0x00000000054F0000-0x0000000005500000-memory.dmp

Filesize
64KB

Download
memory/4532-2407-0x0000024B4F4A0000-0x0000024B4F4B0000-memory.dmp

Filesize
64KB

Download
memory/4532-2408-0x0000024B4F5E0000-0x0000024B4F602000-memory.dmp

Filesize
136KB

Download
memory/4532-2412-0x0000024B500D0000-0x0000024B50146000-memory.dmp

Filesize
472KB

Download
memory/4532-2406-0x0000024B4F4A0000-0x0000024B4F4B0000-memory.dmp

Filesize
64KB

Download
memory/4532-2446-0x0000024B4F4A0000-0x0000024B4F4B0000-memory.dmp

Filesize
64KB

Download