9edfddb147829f4738b7dc33a7d8bfe86671b1d90ca65127561b7be7cb53a9a3

Analysis

max time kernel
43s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23/03/2023, 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e16dcc2e5da5997788c984683a9a30a.exe
Size

651KB
MD5

2e16dcc2e5da5997788c984683a9a30a
SHA1

4e40c6980eb20c492b9b606acadaafd986c48228
SHA256

9edfddb147829f4738b7dc33a7d8bfe86671b1d90ca65127561b7be7cb53a9a3
SHA512

0e3c580a191ab1a3a301bd4ece35c8da2012b6aec39c5871108520e588044c0a2fe26f72ce24316ce1b83229aede5461c2e0751ab5b94c7f7f5d76a62d1679c5
SSDEEP

12288:bPqmYMUnFW/NAb0aOPDzzx2SM5o9aF5qxm7G+jtFtocluO3Oa3R/BXSHE:bPqUCIaa525/5qxgPtJl58

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1136	2e16dcc2e5da5997788c984683a9a30a.exe
1136	2e16dcc2e5da5997788c984683a9a30a.exe
1136	2e16dcc2e5da5997788c984683a9a30a.exe
1136	2e16dcc2e5da5997788c984683a9a30a.exe
1136	2e16dcc2e5da5997788c984683a9a30a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1136	2e16dcc2e5da5997788c984683a9a30a.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 980	1136	2e16dcc2e5da5997788c984683a9a30a.exe	28
PID 1136 wrote to memory of 980	1136	2e16dcc2e5da5997788c984683a9a30a.exe	28
PID 1136 wrote to memory of 980	1136	2e16dcc2e5da5997788c984683a9a30a.exe	28
PID 1136 wrote to memory of 980	1136	2e16dcc2e5da5997788c984683a9a30a.exe	28
PID 1136 wrote to memory of 676	1136	2e16dcc2e5da5997788c984683a9a30a.exe	29
PID 1136 wrote to memory of 676	1136	2e16dcc2e5da5997788c984683a9a30a.exe	29
PID 1136 wrote to memory of 676	1136	2e16dcc2e5da5997788c984683a9a30a.exe	29
PID 1136 wrote to memory of 676	1136	2e16dcc2e5da5997788c984683a9a30a.exe	29
PID 1136 wrote to memory of 1232	1136	2e16dcc2e5da5997788c984683a9a30a.exe	30
PID 1136 wrote to memory of 1232	1136	2e16dcc2e5da5997788c984683a9a30a.exe	30
PID 1136 wrote to memory of 1232	1136	2e16dcc2e5da5997788c984683a9a30a.exe	30
PID 1136 wrote to memory of 1232	1136	2e16dcc2e5da5997788c984683a9a30a.exe	30
PID 1136 wrote to memory of 1868	1136	2e16dcc2e5da5997788c984683a9a30a.exe	31
PID 1136 wrote to memory of 1868	1136	2e16dcc2e5da5997788c984683a9a30a.exe	31
PID 1136 wrote to memory of 1868	1136	2e16dcc2e5da5997788c984683a9a30a.exe	31
PID 1136 wrote to memory of 1868	1136	2e16dcc2e5da5997788c984683a9a30a.exe	31
PID 1136 wrote to memory of 1872	1136	2e16dcc2e5da5997788c984683a9a30a.exe	32
PID 1136 wrote to memory of 1872	1136	2e16dcc2e5da5997788c984683a9a30a.exe	32
PID 1136 wrote to memory of 1872	1136	2e16dcc2e5da5997788c984683a9a30a.exe	32
PID 1136 wrote to memory of 1872	1136	2e16dcc2e5da5997788c984683a9a30a.exe	32

C:\Users\Admin\AppData\Local\Temp\2e16dcc2e5da5997788c984683a9a30a.exe
"C:\Users\Admin\AppData\Local\Temp\2e16dcc2e5da5997788c984683a9a30a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Users\Admin\AppData\Local\Temp\2e16dcc2e5da5997788c984683a9a30a.exe
  "C:\Users\Admin\AppData\Local\Temp\2e16dcc2e5da5997788c984683a9a30a.exe"
  2⤵
  PID:980
- C:\Users\Admin\AppData\Local\Temp\2e16dcc2e5da5997788c984683a9a30a.exe
  "C:\Users\Admin\AppData\Local\Temp\2e16dcc2e5da5997788c984683a9a30a.exe"
  2⤵
  PID:676
- C:\Users\Admin\AppData\Local\Temp\2e16dcc2e5da5997788c984683a9a30a.exe
  "C:\Users\Admin\AppData\Local\Temp\2e16dcc2e5da5997788c984683a9a30a.exe"
  2⤵
  PID:1232
- C:\Users\Admin\AppData\Local\Temp\2e16dcc2e5da5997788c984683a9a30a.exe
  "C:\Users\Admin\AppData\Local\Temp\2e16dcc2e5da5997788c984683a9a30a.exe"
  2⤵
  PID:1868
- C:\Users\Admin\AppData\Local\Temp\2e16dcc2e5da5997788c984683a9a30a.exe
  "C:\Users\Admin\AppData\Local\Temp\2e16dcc2e5da5997788c984683a9a30a.exe"
  2⤵
  PID:1872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1136-54-0x00000000003A0000-0x0000000000448000-memory.dmp

Filesize
672KB

Download
memory/1136-55-0x0000000000320000-0x0000000000360000-memory.dmp

Filesize
256KB

Download
memory/1136-56-0x00000000002D0000-0x00000000002E4000-memory.dmp

Filesize
80KB

Download
memory/1136-57-0x0000000000320000-0x0000000000360000-memory.dmp

Filesize
256KB

Download
memory/1136-58-0x0000000000300000-0x000000000030C000-memory.dmp

Filesize
48KB

Download
memory/1136-59-0x0000000005430000-0x00000000054C8000-memory.dmp

Filesize
608KB

Download
memory/1136-60-0x0000000000480000-0x00000000004A0000-memory.dmp

Filesize
128KB

Download