679ecde4cd6afa60eaf6ab07179310def1cc22b0790b1efeb52ce1d80b06531c

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16-05-2023 12:01

Target

MavrodiBlack 2.exe
Size

592KB
MD5

a5f8768a97c74ecc4c26c402f2bcef11
SHA1

d234ce957544025614d49e1e18f3bac6352ca994
SHA256

679ecde4cd6afa60eaf6ab07179310def1cc22b0790b1efeb52ce1d80b06531c
SHA512

e425b6d9f19de18465af3ea438a9ec3ee9f0ca30608146f3094fa28960a841f5d3a9a2a13655c2123d93f5bcab79e57a37b10d7201ffddd8b8991c3f0eae6009
SSDEEP

6144:jS6d7abcho/OiptVSaPCpikafd5Y9k1WeR7LSxDxpaG6WiX22QbjMrgXScKl+mH1:W6dvhop3zlEyLeKXo8r2Kl+4mW/QKU6

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1704 set thread context of 1688	1704	MavrodiBlack 2.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1164	1688	WerFault.exe	29

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1688	AppLaunch.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1688	1704	MavrodiBlack 2.exe	29
PID 1704 wrote to memory of 1688	1704	MavrodiBlack 2.exe	29
PID 1704 wrote to memory of 1688	1704	MavrodiBlack 2.exe	29
PID 1704 wrote to memory of 1688	1704	MavrodiBlack 2.exe	29
PID 1704 wrote to memory of 1688	1704	MavrodiBlack 2.exe	29
PID 1704 wrote to memory of 1688	1704	MavrodiBlack 2.exe	29
PID 1704 wrote to memory of 1688	1704	MavrodiBlack 2.exe	29
PID 1704 wrote to memory of 1688	1704	MavrodiBlack 2.exe	29
PID 1704 wrote to memory of 1688	1704	MavrodiBlack 2.exe	29
PID 1688 wrote to memory of 1164	1688	AppLaunch.exe	30
PID 1688 wrote to memory of 1164	1688	AppLaunch.exe	30
PID 1688 wrote to memory of 1164	1688	AppLaunch.exe	30
PID 1688 wrote to memory of 1164	1688	AppLaunch.exe	30
PID 1688 wrote to memory of 1164	1688	AppLaunch.exe	30
PID 1688 wrote to memory of 1164	1688	AppLaunch.exe	30
PID 1688 wrote to memory of 1164	1688	AppLaunch.exe	30

memory/1688-55-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1688-56-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1688-60-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1688-62-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1688-63-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1688-64-0x0000000000330000-0x000000000034A000-memory.dmp

Filesize
104KB

Download
memory/1688-65-0x0000000004C40000-0x0000000004C80000-memory.dmp

Filesize
256KB

Download
memory/1688-66-0x0000000004C40000-0x0000000004C80000-memory.dmp

Filesize
256KB

Download