e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998

Analysis

max time kernel
107s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05-05-2023 21:00

Target

tmprwm0tnp5.exe
Size

1.6MB
MD5

170860057f4aad06ddbeea0ca2b3f1b6
SHA1

db04c735b769df458518f959ae7eca39cfa06213
SHA256

e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998
SHA512

f8bf57126bad026be2414121c798d5688119f06312404c35dea3f457deb717f6422291f5401178586fd23055577f893b4e6236e413c909e3b526c45d3b957766
SSDEEP

24576:uU7taDBzgNEfeEvFTMxdzYPh1ogay/zj1weNgcHFx5MpfTjU/c7jNXPohE:uU7PNBmMxdEvogdzxzHFx+pfTgE7VPI

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	844	tmprwm0tnp5.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 2032	844	tmprwm0tnp5.exe	28
PID 844 wrote to memory of 2032	844	tmprwm0tnp5.exe	28
PID 844 wrote to memory of 2032	844	tmprwm0tnp5.exe	28
PID 844 wrote to memory of 2032	844	tmprwm0tnp5.exe	28
PID 844 wrote to memory of 588	844	tmprwm0tnp5.exe	29
PID 844 wrote to memory of 588	844	tmprwm0tnp5.exe	29
PID 844 wrote to memory of 588	844	tmprwm0tnp5.exe	29
PID 844 wrote to memory of 588	844	tmprwm0tnp5.exe	29
PID 844 wrote to memory of 1380	844	tmprwm0tnp5.exe	30
PID 844 wrote to memory of 1380	844	tmprwm0tnp5.exe	30
PID 844 wrote to memory of 1380	844	tmprwm0tnp5.exe	30
PID 844 wrote to memory of 1380	844	tmprwm0tnp5.exe	30
PID 844 wrote to memory of 696	844	tmprwm0tnp5.exe	31
PID 844 wrote to memory of 696	844	tmprwm0tnp5.exe	31
PID 844 wrote to memory of 696	844	tmprwm0tnp5.exe	31
PID 844 wrote to memory of 696	844	tmprwm0tnp5.exe	31
PID 844 wrote to memory of 1816	844	tmprwm0tnp5.exe	32
PID 844 wrote to memory of 1816	844	tmprwm0tnp5.exe	32
PID 844 wrote to memory of 1816	844	tmprwm0tnp5.exe	32
PID 844 wrote to memory of 1816	844	tmprwm0tnp5.exe	32

C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe
"C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:844
- C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe
  "C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe"
  2⤵
  PID:2032
- C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe
  "C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe"
  2⤵
  PID:588
- C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe
  "C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe"
  2⤵
  PID:1380
- C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe
  "C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe"
  2⤵
  PID:696
- C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe
  "C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe"
  2⤵
  PID:1816

memory/844-54-0x0000000000110000-0x00000000002A6000-memory.dmp

Filesize
1.6MB

Download
memory/844-55-0x0000000004400000-0x0000000004440000-memory.dmp

Filesize
256KB

Download
memory/844-56-0x0000000000670000-0x0000000000682000-memory.dmp

Filesize
72KB

Download
memory/844-57-0x0000000004400000-0x0000000004440000-memory.dmp

Filesize
256KB

Download
memory/844-58-0x0000000000810000-0x000000000081C000-memory.dmp

Filesize
48KB

Download
memory/844-59-0x0000000005D70000-0x0000000005EA8000-memory.dmp

Filesize
1.2MB

Download
memory/844-60-0x000000000A470000-0x000000000A620000-memory.dmp

Filesize
1.7MB

Download