b4cf4a2ec95d860b75978258e4610ad9f48d4f8cdd1c22059feb775aad372479

Analysis

max time kernel
140s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02-06-2023 13:14

Target

file.exe
Size

448KB
MD5

d75adb1d4ee451bf3727321277d5518c
SHA1

b976c804e101cd6e8d290031fa9ec966698bc715
SHA256

b4cf4a2ec95d860b75978258e4610ad9f48d4f8cdd1c22059feb775aad372479
SHA512

64956041ca9321327dc5b4d7c708603ce97b0d7fdb0bd8eb377c61f9a93a4d21e755808c5251c2e9bb20bcfdc14c013741ba136745fb51323fce35d125cb999c
SSDEEP

12288:QXMDVuJsY+yzqudw1ClqjWWf3te6yBncIZa:QXM8sOquaklbkk6ga

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 908 set thread context of 764	908	file.exe	27

Suspicious behavior: EnumeratesProcesses 29 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	764	Setup.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 764	908	file.exe	27
PID 908 wrote to memory of 764	908	file.exe	27
PID 908 wrote to memory of 764	908	file.exe	27
PID 908 wrote to memory of 764	908	file.exe	27
PID 908 wrote to memory of 764	908	file.exe	27
PID 908 wrote to memory of 764	908	file.exe	27
PID 908 wrote to memory of 764	908	file.exe	27
PID 908 wrote to memory of 764	908	file.exe	27
PID 908 wrote to memory of 764	908	file.exe	27
PID 908 wrote to memory of 764	908	file.exe	27

memory/764-56-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/764-57-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/764-58-0x0000000002440000-0x0000000002743000-memory.dmp

Filesize
3.0MB

Download
memory/908-54-0x0000000001320000-0x0000000001394000-memory.dmp

Filesize
464KB

Download
memory/908-55-0x0000000000A70000-0x0000000000AF0000-memory.dmp

Filesize
512KB

Download