3f22bd2e20b994c404cdc3fd87820817b32c3471d003c3156186ecac22936022

Analysis

max time kernel
58s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05-05-2023 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf136bd0d7568d3db33aede1e943caea.exe
Size

624KB
MD5

bf136bd0d7568d3db33aede1e943caea
SHA1

73167832a6b1cc08fc605b8fc5045ff54331c73f
SHA256

3f22bd2e20b994c404cdc3fd87820817b32c3471d003c3156186ecac22936022
SHA512

026c54ae5c7cca5362528b309bd5914cdb06c2fde62df8ac0c62a834c6501109436abdfd8353934e4f2d2830f74268f0592b14564a580c95a2b8b6729cc91a68
SSDEEP

12288:31ni4IycA7XRrWBkz0eSZ0fso2f96VgCf/v9+pM6DkqkvB:31kG8CzXKe32qv/vopMwkqi

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1236	bf136bd0d7568d3db33aede1e943caea.exe
1236	bf136bd0d7568d3db33aede1e943caea.exe
1236	bf136bd0d7568d3db33aede1e943caea.exe
1236	bf136bd0d7568d3db33aede1e943caea.exe
1236	bf136bd0d7568d3db33aede1e943caea.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1236	bf136bd0d7568d3db33aede1e943caea.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 1752	1236	bf136bd0d7568d3db33aede1e943caea.exe	26
PID 1236 wrote to memory of 1752	1236	bf136bd0d7568d3db33aede1e943caea.exe	26
PID 1236 wrote to memory of 1752	1236	bf136bd0d7568d3db33aede1e943caea.exe	26
PID 1236 wrote to memory of 1752	1236	bf136bd0d7568d3db33aede1e943caea.exe	26
PID 1236 wrote to memory of 1572	1236	bf136bd0d7568d3db33aede1e943caea.exe	28
PID 1236 wrote to memory of 1572	1236	bf136bd0d7568d3db33aede1e943caea.exe	28
PID 1236 wrote to memory of 1572	1236	bf136bd0d7568d3db33aede1e943caea.exe	28
PID 1236 wrote to memory of 1572	1236	bf136bd0d7568d3db33aede1e943caea.exe	28
PID 1236 wrote to memory of 1040	1236	bf136bd0d7568d3db33aede1e943caea.exe	27
PID 1236 wrote to memory of 1040	1236	bf136bd0d7568d3db33aede1e943caea.exe	27
PID 1236 wrote to memory of 1040	1236	bf136bd0d7568d3db33aede1e943caea.exe	27
PID 1236 wrote to memory of 1040	1236	bf136bd0d7568d3db33aede1e943caea.exe	27
PID 1236 wrote to memory of 1296	1236	bf136bd0d7568d3db33aede1e943caea.exe	29
PID 1236 wrote to memory of 1296	1236	bf136bd0d7568d3db33aede1e943caea.exe	29
PID 1236 wrote to memory of 1296	1236	bf136bd0d7568d3db33aede1e943caea.exe	29
PID 1236 wrote to memory of 1296	1236	bf136bd0d7568d3db33aede1e943caea.exe	29
PID 1236 wrote to memory of 1596	1236	bf136bd0d7568d3db33aede1e943caea.exe	30
PID 1236 wrote to memory of 1596	1236	bf136bd0d7568d3db33aede1e943caea.exe	30
PID 1236 wrote to memory of 1596	1236	bf136bd0d7568d3db33aede1e943caea.exe	30
PID 1236 wrote to memory of 1596	1236	bf136bd0d7568d3db33aede1e943caea.exe	30

C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe
"C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe
  "C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe"
  2⤵
  PID:1752
- C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe
  "C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe"
  2⤵
  PID:1040
- C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe
  "C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe"
  2⤵
  PID:1572
- C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe
  "C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe"
  2⤵
  PID:1296
- C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe
  "C:\Users\Admin\AppData\Local\Temp\bf136bd0d7568d3db33aede1e943caea.exe"
  2⤵
  PID:1596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1236-54-0x00000000003D0000-0x0000000000472000-memory.dmp

Filesize
648KB

Download
memory/1236-55-0x0000000004D10000-0x0000000004D50000-memory.dmp

Filesize
256KB

Download
memory/1236-56-0x0000000000290000-0x00000000002A2000-memory.dmp

Filesize
72KB

Download
memory/1236-57-0x0000000004D10000-0x0000000004D50000-memory.dmp

Filesize
256KB

Download
memory/1236-58-0x00000000004E0000-0x00000000004EC000-memory.dmp

Filesize
48KB

Download
memory/1236-59-0x00000000057F0000-0x0000000005858000-memory.dmp

Filesize
416KB

Download
memory/1236-60-0x00000000044E0000-0x0000000004512000-memory.dmp

Filesize
200KB

Download