757371fd80dda17d1844c472bead62365e29e5f902e32afad9bc0120346220d5

Analysis

max time kernel
52s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05-05-2023 21:00

Target

TNTEXPRESS.exe
Size

683KB
MD5

64ba7b4484114967c48bea5cff6ac9bb
SHA1

65eba06d17dd6b75ae74c5cf09ae5e25e81ea0e2
SHA256

757371fd80dda17d1844c472bead62365e29e5f902e32afad9bc0120346220d5
SHA512

6727c4345e373355a6bc39e900a890a6116ad051c60112089cf4cea1aed57f749cd3bf1904039ceec8ee522039a93ed48e4e0b47b5ee5e05922ac7d72ae31360
SSDEEP

12288:49oe+bBWrllPje9oSTSIEdlP9sDIZD/6K3ZZ5saOkdjB28lA5Y8:49oe+Ill0o3IyPq8NrpS0lWY

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

TNTEXPRESS.exe

pid process

1984 TNTEXPRESS.exe
1984 TNTEXPRESS.exe
1984 TNTEXPRESS.exe
1984 TNTEXPRESS.exe
1984 TNTEXPRESS.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

TNTEXPRESS.exe

description pid process

Token: SeDebugPrivilege 1984 TNTEXPRESS.exe

description	pid	process
Token: SeDebugPrivilege	1984	TNTEXPRESS.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

TNTEXPRESS.exe

description	pid	process	target process
PID 1984 wrote to memory of 548	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 548	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 548	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 548	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1764	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1764	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1764	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1764	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1740	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1740	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1740	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1740	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1780	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1780	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1780	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1780	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1708	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1708	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1708	1984	TNTEXPRESS.exe	TNTEXPRESS.exe
PID 1984 wrote to memory of 1708	1984	TNTEXPRESS.exe	TNTEXPRESS.exe

C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe
"C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe"
2⤵
PID:548

C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe
"C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe"
2⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe
"C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe"
2⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe
"C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe"
2⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe
"C:\Users\Admin\AppData\Local\Temp\TNTEXPRESS.exe"
2⤵
PID:1708

memory/1984-54-0x00000000003F0000-0x00000000004A2000-memory.dmp

Filesize
712KB

Download
memory/1984-55-0x0000000004C90000-0x0000000004CD0000-memory.dmp

Filesize
256KB

Download
memory/1984-56-0x00000000003A0000-0x00000000003B4000-memory.dmp

Filesize
80KB

Download
memory/1984-57-0x0000000004C90000-0x0000000004CD0000-memory.dmp

Filesize
256KB

Download
memory/1984-58-0x0000000000560000-0x000000000056C000-memory.dmp

Filesize
48KB

Download
memory/1984-59-0x0000000007C90000-0x0000000007D00000-memory.dmp

Filesize
448KB

Download
memory/1984-60-0x00000000041C0000-0x00000000041F8000-memory.dmp

Filesize
224KB

Download