360a11f373a1de2b6a440353766eae032708a49bc55f48ea185e45f092f36dc7

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2023, 20:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ebd1368979b5adb9586ce512b63876985a497e1727ffbd54732cd42eef992b81.exe
Size

10.0MB
MD5

83fbded097edeeeec35ebb02e6f58efb
SHA1

0b2ee0d31fceb7108c0fdbf160ecbc7a0d3f74b1
SHA256

ebd1368979b5adb9586ce512b63876985a497e1727ffbd54732cd42eef992b81
SHA512

a70f52eebca88019ba06c2b22ac0d0119d23a1b7b358c6132d617eb444a76eb299fa2c211c1b83d4d32377aaf62a1e56e90f5c36a0e76456d96a724739a70529
SSDEEP

98304:TOcegIdwqxPLEx6AfWOk3FeCN5RLVzS2pTTDrx9mhgEUwvR:TefGqawAeOk38CrRdvmhtU

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1048	WMIC.exe
Token: SeSecurityPrivilege	1048	WMIC.exe
Token: SeTakeOwnershipPrivilege	1048	WMIC.exe
Token: SeLoadDriverPrivilege	1048	WMIC.exe
Token: SeSystemProfilePrivilege	1048	WMIC.exe
Token: SeSystemtimePrivilege	1048	WMIC.exe
Token: SeProfSingleProcessPrivilege	1048	WMIC.exe
Token: SeIncBasePriorityPrivilege	1048	WMIC.exe
Token: SeCreatePagefilePrivilege	1048	WMIC.exe
Token: SeBackupPrivilege	1048	WMIC.exe
Token: SeRestorePrivilege	1048	WMIC.exe
Token: SeShutdownPrivilege	1048	WMIC.exe
Token: SeDebugPrivilege	1048	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1048	WMIC.exe
Token: SeRemoteShutdownPrivilege	1048	WMIC.exe
Token: SeUndockPrivilege	1048	WMIC.exe
Token: SeManageVolumePrivilege	1048	WMIC.exe
Token: 33	1048	WMIC.exe
Token: 34	1048	WMIC.exe
Token: 35	1048	WMIC.exe
Token: 36	1048	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1048	WMIC.exe
Token: SeSecurityPrivilege	1048	WMIC.exe
Token: SeTakeOwnershipPrivilege	1048	WMIC.exe
Token: SeLoadDriverPrivilege	1048	WMIC.exe
Token: SeSystemProfilePrivilege	1048	WMIC.exe
Token: SeSystemtimePrivilege	1048	WMIC.exe
Token: SeProfSingleProcessPrivilege	1048	WMIC.exe
Token: SeIncBasePriorityPrivilege	1048	WMIC.exe
Token: SeCreatePagefilePrivilege	1048	WMIC.exe
Token: SeBackupPrivilege	1048	WMIC.exe
Token: SeRestorePrivilege	1048	WMIC.exe
Token: SeShutdownPrivilege	1048	WMIC.exe
Token: SeDebugPrivilege	1048	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1048	WMIC.exe
Token: SeRemoteShutdownPrivilege	1048	WMIC.exe
Token: SeUndockPrivilege	1048	WMIC.exe
Token: SeManageVolumePrivilege	1048	WMIC.exe
Token: 33	1048	WMIC.exe
Token: 34	1048	WMIC.exe
Token: 35	1048	WMIC.exe
Token: 36	1048	WMIC.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 4960	1116	ebd1368979b5adb9586ce512b63876985a497e1727ffbd54732cd42eef992b81.exe	85
PID 1116 wrote to memory of 4960	1116	ebd1368979b5adb9586ce512b63876985a497e1727ffbd54732cd42eef992b81.exe	85
PID 4960 wrote to memory of 1048	4960	cmd.exe	84
PID 4960 wrote to memory of 1048	4960	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\ebd1368979b5adb9586ce512b63876985a497e1727ffbd54732cd42eef992b81.exe
"C:\Users\Admin\AppData\Local\Temp\ebd1368979b5adb9586ce512b63876985a497e1727ffbd54732cd42eef992b81.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\system32\cmd.exe
  cmd.exe /c "wmic csproduct get uuid"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4960

C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1048

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads