693c258cb5620f7e8714d4afc7215e2c7dc16872265148341db23b639906eecb

Analysis

max time kernel
50s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05-05-2023 14:29

Target

Technical Spec.exe
Size

1.5MB
MD5

ebf99fc11603d1ec4706b4330761df32
SHA1

c560ca5ae10593d7861701654d839d1071515866
SHA256

693c258cb5620f7e8714d4afc7215e2c7dc16872265148341db23b639906eecb
SHA512

d31c699f201343bd02c07bbf5d41e00df8368b81bfbb1d037fb4b1e1894fd3b8232e80b065845745fa6dab7f23d47efbb1d8b6a9143f5b7db0fb4a57395c4f4a
SSDEEP

49152:NQh9Nn3uFcWIY2YZGIUtNlMpovD2i9c2:0/37Wp2YPUtNlMG7N

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1996	Technical Spec.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 668	1996	Technical Spec.exe	27
PID 1996 wrote to memory of 668	1996	Technical Spec.exe	27
PID 1996 wrote to memory of 668	1996	Technical Spec.exe	27
PID 1996 wrote to memory of 668	1996	Technical Spec.exe	27
PID 1996 wrote to memory of 1932	1996	Technical Spec.exe	28
PID 1996 wrote to memory of 1932	1996	Technical Spec.exe	28
PID 1996 wrote to memory of 1932	1996	Technical Spec.exe	28
PID 1996 wrote to memory of 1932	1996	Technical Spec.exe	28
PID 1996 wrote to memory of 1760	1996	Technical Spec.exe	29
PID 1996 wrote to memory of 1760	1996	Technical Spec.exe	29
PID 1996 wrote to memory of 1760	1996	Technical Spec.exe	29
PID 1996 wrote to memory of 1760	1996	Technical Spec.exe	29
PID 1996 wrote to memory of 1768	1996	Technical Spec.exe	30
PID 1996 wrote to memory of 1768	1996	Technical Spec.exe	30
PID 1996 wrote to memory of 1768	1996	Technical Spec.exe	30
PID 1996 wrote to memory of 1768	1996	Technical Spec.exe	30
PID 1996 wrote to memory of 1724	1996	Technical Spec.exe	31
PID 1996 wrote to memory of 1724	1996	Technical Spec.exe	31
PID 1996 wrote to memory of 1724	1996	Technical Spec.exe	31
PID 1996 wrote to memory of 1724	1996	Technical Spec.exe	31

C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe
"C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe
  "C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe"
  2⤵
  PID:668
- C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe
  "C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe"
  2⤵
  PID:1932
- C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe
  "C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe"
  2⤵
  PID:1760
- C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe
  "C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe"
  2⤵
  PID:1768
- C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe
  "C:\Users\Admin\AppData\Local\Temp\Technical Spec.exe"
  2⤵
  PID:1724

memory/1996-54-0x0000000000320000-0x00000000004AA000-memory.dmp

Filesize
1.5MB

Download
memory/1996-55-0x0000000004F10000-0x0000000004F50000-memory.dmp

Filesize
256KB

Download
memory/1996-56-0x00000000004C0000-0x00000000004D2000-memory.dmp

Filesize
72KB

Download
memory/1996-57-0x0000000004F10000-0x0000000004F50000-memory.dmp

Filesize
256KB

Download
memory/1996-58-0x00000000005D0000-0x00000000005DC000-memory.dmp

Filesize
48KB

Download
memory/1996-59-0x0000000005F90000-0x00000000060DA000-memory.dmp

Filesize
1.3MB

Download
memory/1996-60-0x0000000007F70000-0x0000000008132000-memory.dmp

Filesize
1.8MB

Download