00df99afbaaca9dd27d58796ace28c9408c9ef32af8e9375638a919c1f645599

Analysis

max time kernel
54s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
20/04/2023, 01:06

Target

DHL_AWB_975539839616.exe
Size

588KB
MD5

f2a6a23bd98ff275751843da1ea99bee
SHA1

69c11c308f989515c05ef36f242efc7e0a276b28
SHA256

21d455342573c58b10724e61e0fefadd32fd934b573b8f6f655e52e08dadc8bf
SHA512

c4795a6ae5d65bfbde956df3fffc3fae97197c32595775be08ab0d566e5a77dc0f869b1c9aa8393ed666311b8e16dfdf2e40020b00edb8caaa9ede5cf1d804c5
SSDEEP

12288:nOnbqjckIgJaPrboWnxmBa+AnTxY5bsZgdEupSmJaG:nJJpMo2Ev6VIEuzn

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1324	DHL_AWB_975539839616.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 772	1324	DHL_AWB_975539839616.exe	28
PID 1324 wrote to memory of 772	1324	DHL_AWB_975539839616.exe	28
PID 1324 wrote to memory of 772	1324	DHL_AWB_975539839616.exe	28
PID 1324 wrote to memory of 772	1324	DHL_AWB_975539839616.exe	28
PID 1324 wrote to memory of 736	1324	DHL_AWB_975539839616.exe	29
PID 1324 wrote to memory of 736	1324	DHL_AWB_975539839616.exe	29
PID 1324 wrote to memory of 736	1324	DHL_AWB_975539839616.exe	29
PID 1324 wrote to memory of 736	1324	DHL_AWB_975539839616.exe	29
PID 1324 wrote to memory of 784	1324	DHL_AWB_975539839616.exe	30
PID 1324 wrote to memory of 784	1324	DHL_AWB_975539839616.exe	30
PID 1324 wrote to memory of 784	1324	DHL_AWB_975539839616.exe	30
PID 1324 wrote to memory of 784	1324	DHL_AWB_975539839616.exe	30
PID 1324 wrote to memory of 1100	1324	DHL_AWB_975539839616.exe	31
PID 1324 wrote to memory of 1100	1324	DHL_AWB_975539839616.exe	31
PID 1324 wrote to memory of 1100	1324	DHL_AWB_975539839616.exe	31
PID 1324 wrote to memory of 1100	1324	DHL_AWB_975539839616.exe	31
PID 1324 wrote to memory of 324	1324	DHL_AWB_975539839616.exe	32
PID 1324 wrote to memory of 324	1324	DHL_AWB_975539839616.exe	32
PID 1324 wrote to memory of 324	1324	DHL_AWB_975539839616.exe	32
PID 1324 wrote to memory of 324	1324	DHL_AWB_975539839616.exe	32

C:\Users\Admin\AppData\Local\Temp\DHL_AWB_975539839616.exe
"C:\Users\Admin\AppData\Local\Temp\DHL_AWB_975539839616.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Users\Admin\AppData\Local\Temp\DHL_AWB_975539839616.exe
  "C:\Users\Admin\AppData\Local\Temp\DHL_AWB_975539839616.exe"
  2⤵
  PID:772
- C:\Users\Admin\AppData\Local\Temp\DHL_AWB_975539839616.exe
  "C:\Users\Admin\AppData\Local\Temp\DHL_AWB_975539839616.exe"
  2⤵
  PID:736
- C:\Users\Admin\AppData\Local\Temp\DHL_AWB_975539839616.exe
  "C:\Users\Admin\AppData\Local\Temp\DHL_AWB_975539839616.exe"
  2⤵
  PID:784
- C:\Users\Admin\AppData\Local\Temp\DHL_AWB_975539839616.exe
  "C:\Users\Admin\AppData\Local\Temp\DHL_AWB_975539839616.exe"
  2⤵
  PID:1100
- C:\Users\Admin\AppData\Local\Temp\DHL_AWB_975539839616.exe
  "C:\Users\Admin\AppData\Local\Temp\DHL_AWB_975539839616.exe"
  2⤵
  PID:324

memory/1324-54-0x0000000000390000-0x000000000042A000-memory.dmp

Filesize
616KB

Download
memory/1324-55-0x0000000001F80000-0x0000000001FC0000-memory.dmp

Filesize
256KB

Download
memory/1324-56-0x00000000005F0000-0x0000000000604000-memory.dmp

Filesize
80KB

Download
memory/1324-57-0x0000000001F80000-0x0000000001FC0000-memory.dmp

Filesize
256KB

Download
memory/1324-58-0x0000000000600000-0x000000000060C000-memory.dmp

Filesize
48KB

Download
memory/1324-59-0x0000000004E90000-0x0000000004EFA000-memory.dmp

Filesize
424KB

Download
memory/1324-60-0x00000000020D0000-0x0000000002102000-memory.dmp

Filesize
200KB

Download