914ec7967105f367c2c14070b9c8b338354ecd2747f8972202714bb3668f39bc

Resubmissions

17-05-2023 01:49

230517-b8zhhacd81 10

17-05-2023 01:12

230517-bkztcsdc42 10

Analysis

max time kernel
46s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
17-05-2023 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe
Size

1.5MB
MD5

67683d83541b578498d12ddc5828260e
SHA1

679904b6c6101f399811885b42e98c4c8c564e6e
SHA256

9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680
SHA512

fb3080919598e0bedaa3b429e86f498bbbfcfb257a9c92dc9f6c197e2da9bd17328cc762bd97e7cbb770f0d6f1e8c8c05107a59f6204ce8ebc5ad4996e8e709b
SSDEEP

24576:sLOOmjfJ7uGyhgAzbOQ31ubRVTkK09CDg2bCaUwFDyfCTdNuuVIF/gwqb+:sG17uGmPOQ3oNVTkhC/bCaUwpy2wuV32

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe
2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe
2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe
2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe
2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1376	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	28
PID 2016 wrote to memory of 1376	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	28
PID 2016 wrote to memory of 1376	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	28
PID 2016 wrote to memory of 1376	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	28
PID 2016 wrote to memory of 968	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	29
PID 2016 wrote to memory of 968	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	29
PID 2016 wrote to memory of 968	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	29
PID 2016 wrote to memory of 968	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	29
PID 2016 wrote to memory of 692	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	30
PID 2016 wrote to memory of 692	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	30
PID 2016 wrote to memory of 692	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	30
PID 2016 wrote to memory of 692	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	30
PID 2016 wrote to memory of 1900	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	31
PID 2016 wrote to memory of 1900	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	31
PID 2016 wrote to memory of 1900	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	31
PID 2016 wrote to memory of 1900	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	31
PID 2016 wrote to memory of 1300	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	32
PID 2016 wrote to memory of 1300	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	32
PID 2016 wrote to memory of 1300	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	32
PID 2016 wrote to memory of 1300	2016	9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe	32

C:\Users\Admin\AppData\Local\Temp\9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe
"C:\Users\Admin\AppData\Local\Temp\9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Users\Admin\AppData\Local\Temp\9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe
  "C:\Users\Admin\AppData\Local\Temp\9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe"
  2⤵
  PID:1376
- C:\Users\Admin\AppData\Local\Temp\9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe
  "C:\Users\Admin\AppData\Local\Temp\9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe"
  2⤵
  PID:968
- C:\Users\Admin\AppData\Local\Temp\9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe
  "C:\Users\Admin\AppData\Local\Temp\9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe"
  2⤵
  PID:692
- C:\Users\Admin\AppData\Local\Temp\9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe
  "C:\Users\Admin\AppData\Local\Temp\9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe"
  2⤵
  PID:1900
- C:\Users\Admin\AppData\Local\Temp\9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe
  "C:\Users\Admin\AppData\Local\Temp\9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680.exe"
  2⤵
  PID:1300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-54-0x0000000000140000-0x00000000002BC000-memory.dmp

Filesize
1.5MB

Download
memory/2016-55-0x0000000000790000-0x00000000007D0000-memory.dmp

Filesize
256KB

Download
memory/2016-56-0x00000000003D0000-0x00000000003E2000-memory.dmp

Filesize
72KB

Download
memory/2016-57-0x0000000000790000-0x00000000007D0000-memory.dmp

Filesize
256KB

Download
memory/2016-58-0x00000000005D0000-0x00000000005DA000-memory.dmp

Filesize
40KB

Download
memory/2016-59-0x0000000005950000-0x0000000005A88000-memory.dmp

Filesize
1.2MB

Download
memory/2016-60-0x0000000005C80000-0x0000000005E30000-memory.dmp

Filesize
1.7MB

Download