Analysis
max time kernel: 94s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-03-2023 14:00
Behavioral task: behavioral1
Sample: e38edcf41b7b13dc8837e030774cf083.exe
Resource: win7-20230220-en (windows7-x64)
4 signatures
150 seconds
General
Target: e38edcf41b7b13dc8837e030774cf083.exe
Size: 9.6MB
MD5: e38edcf41b7b13dc8837e030774cf083
SHA1: 1ed5f18fbc105fd177129f594d63e3297654acff
SHA256: 9e83c3a822bc5253e9b5047fd2ee19abce885852db7afcb70d9b76fc470f69bc
SHA512: 17021db0c40c5068c1df61e3682cd967fec74a76e661d5967b3950d2a0f2a3a64ea15abcfd21b89223fb541d3561172a0dbdcc2a63694996518e0fde8ced1080
SSDEEP: 196608:JGujuxvOMsHXVCFzaixl/CcHsjGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG:JXdP3VC9CcMjGGGGGGGGGGGGGGGGGGGi
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
  pid | process
  5072 | e38edcf41b7b13dc8837e030774cf083.exe
  5072 | e38edcf41b7b13dc8837e030774cf083.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  description | pid | process
  Token: SeDebugPrivilege | 5072 | e38edcf41b7b13dc8837e030774cf083.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description | pid | process | target process
  PID 5072 wrote to memory of 4368 | 5072 | e38edcf41b7b13dc8837e030774cf083.exe | InstallUtil.exe
  PID 5072 wrote to memory of 4368 | 5072 | e38edcf41b7b13dc8837e030774cf083.exe | InstallUtil.exe
  PID 5072 wrote to memory of 4368 | 5072 | e38edcf41b7b13dc8837e030774cf083.exe | InstallUtil.exe
Processes
- (1) C:\Users\Admin\AppData\Local\Temp\e38edcf41b7b13dc8837e030774cf083.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\e38edcf41b7b13dc8837e030774cf083.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - (2) C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
    command line: "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe"