88594695bdc9357dfd4ad5736af7f8ec01912cca4bb418f842228cf9ab1c9156

Analysis

max time kernel
59s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/05/2023, 09:24

Target

PO 229052SS316L.exe
Size

557KB
MD5

c76720884aecdaaab9c0a0de1bd932e6
SHA1

ba027a79ef8cfe430135776d7c5ff742b3fedb32
SHA256

88594695bdc9357dfd4ad5736af7f8ec01912cca4bb418f842228cf9ab1c9156
SHA512

63121271da276d101dc1c655ae8919012290b3c8fcd2d90ad2e790cb45779659223710da48e8666ff8b2d5692a8b5bfeded3e1ef2aa06597e36c67599631e3ac
SSDEEP

12288:IzmLBfalaBQMjDdpauE2Eie76lGgiDWqalb4c:OmLBfaMRG376lGVCRlb4

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	324	PO 229052SS316L.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 324 wrote to memory of 832	324	PO 229052SS316L.exe	27
PID 324 wrote to memory of 832	324	PO 229052SS316L.exe	27
PID 324 wrote to memory of 832	324	PO 229052SS316L.exe	27
PID 324 wrote to memory of 832	324	PO 229052SS316L.exe	27
PID 324 wrote to memory of 1796	324	PO 229052SS316L.exe	28
PID 324 wrote to memory of 1796	324	PO 229052SS316L.exe	28
PID 324 wrote to memory of 1796	324	PO 229052SS316L.exe	28
PID 324 wrote to memory of 1796	324	PO 229052SS316L.exe	28
PID 324 wrote to memory of 364	324	PO 229052SS316L.exe	29
PID 324 wrote to memory of 364	324	PO 229052SS316L.exe	29
PID 324 wrote to memory of 364	324	PO 229052SS316L.exe	29
PID 324 wrote to memory of 364	324	PO 229052SS316L.exe	29
PID 324 wrote to memory of 1732	324	PO 229052SS316L.exe	30
PID 324 wrote to memory of 1732	324	PO 229052SS316L.exe	30
PID 324 wrote to memory of 1732	324	PO 229052SS316L.exe	30
PID 324 wrote to memory of 1732	324	PO 229052SS316L.exe	30
PID 324 wrote to memory of 240	324	PO 229052SS316L.exe	31
PID 324 wrote to memory of 240	324	PO 229052SS316L.exe	31
PID 324 wrote to memory of 240	324	PO 229052SS316L.exe	31
PID 324 wrote to memory of 240	324	PO 229052SS316L.exe	31

C:\Users\Admin\AppData\Local\Temp\PO 229052SS316L.exe
"C:\Users\Admin\AppData\Local\Temp\PO 229052SS316L.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:324
- C:\Users\Admin\AppData\Local\Temp\PO 229052SS316L.exe
  "C:\Users\Admin\AppData\Local\Temp\PO 229052SS316L.exe"
  2⤵
  PID:832
- C:\Users\Admin\AppData\Local\Temp\PO 229052SS316L.exe
  "C:\Users\Admin\AppData\Local\Temp\PO 229052SS316L.exe"
  2⤵
  PID:1796
- C:\Users\Admin\AppData\Local\Temp\PO 229052SS316L.exe
  "C:\Users\Admin\AppData\Local\Temp\PO 229052SS316L.exe"
  2⤵
  PID:364
- C:\Users\Admin\AppData\Local\Temp\PO 229052SS316L.exe
  "C:\Users\Admin\AppData\Local\Temp\PO 229052SS316L.exe"
  2⤵
  PID:1732
- C:\Users\Admin\AppData\Local\Temp\PO 229052SS316L.exe
  "C:\Users\Admin\AppData\Local\Temp\PO 229052SS316L.exe"
  2⤵
  PID:240

memory/324-54-0x00000000003A0000-0x0000000000430000-memory.dmp

Filesize
576KB

Download
memory/324-55-0x0000000004DA0000-0x0000000004DE0000-memory.dmp

Filesize
256KB

Download
memory/324-56-0x0000000000320000-0x0000000000330000-memory.dmp

Filesize
64KB

Download
memory/324-57-0x0000000004DA0000-0x0000000004DE0000-memory.dmp

Filesize
256KB

Download
memory/324-58-0x0000000000380000-0x000000000038C000-memory.dmp

Filesize
48KB

Download
memory/324-59-0x0000000005160000-0x00000000051C0000-memory.dmp

Filesize
384KB

Download
memory/324-60-0x00000000005E0000-0x0000000000608000-memory.dmp

Filesize
160KB

Download