c154ed3d235c09075c2b126d08dfee2f12f8f4562bd08bca52a8c154b54f1b36

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11/05/2023, 20:45

Target

735b5ee40aa2af54651a0b73069ee39da07f957e36dcac932d5cceca53e2f095.exe
Size

1.8MB
MD5

083efc6ac31c479d70975ce5728ab8cb
SHA1

8edefe9d9638926fb80008f6c5d947707624dba5
SHA256

735b5ee40aa2af54651a0b73069ee39da07f957e36dcac932d5cceca53e2f095
SHA512

bd20b314ab838c01427cadeee99c615bf73d2ae84003837eaf87f846a2343a3c3c02ee4c498b57c6d1d6ec3ccb294479cf18d1ed2709069e88e2e49c7fc80463
SSDEEP

49152:EkQTANkZgbWCFvV9JQPlihuQk/8gTLcozd2pHvuA:EaNklIV9JQdihTk/88lzkGA

Score

7^/10

.NET Reactor proctector 3 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/2012-54-0x0000000004F50000-0x0000000005140000-memory.dmp	net_reactor
behavioral1/memory/2012-55-0x0000000004D60000-0x0000000004F4E000-memory.dmp	net_reactor
behavioral1/memory/2012-57-0x00000000025A0000-0x00000000025E0000-memory.dmp	net_reactor

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2012	735b5ee40aa2af54651a0b73069ee39da07f957e36dcac932d5cceca53e2f095.exe

C:\Users\Admin\AppData\Local\Temp\735b5ee40aa2af54651a0b73069ee39da07f957e36dcac932d5cceca53e2f095.exe
"C:\Users\Admin\AppData\Local\Temp\735b5ee40aa2af54651a0b73069ee39da07f957e36dcac932d5cceca53e2f095.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2012

memory/2012-54-0x0000000004F50000-0x0000000005140000-memory.dmp

Filesize
1.9MB

Download
memory/2012-55-0x0000000004D60000-0x0000000004F4E000-memory.dmp

Filesize
1.9MB

Download
memory/2012-57-0x00000000025A0000-0x00000000025E0000-memory.dmp

Filesize
256KB

Download
memory/2012-56-0x00000000025A0000-0x00000000025E0000-memory.dmp

Filesize
256KB

Download