9ba24d504442705bd74b56e88d887ddee101ba98678ca9619403aa2eeeaa3b11

Analysis

max time kernel
28s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
08-06-2023 07:51

Target

9ba24d504442705bd74b56e88d887ddee101ba98678ca9619403aa2eeeaa3b11.exe
Size

4.5MB
MD5

523f7333d348487e1ed6ee2893bcc68e
SHA1

e20e131b9d4fd667470caa2b1b182fe7acdeeb8c
SHA256

9ba24d504442705bd74b56e88d887ddee101ba98678ca9619403aa2eeeaa3b11
SHA512

ed1940838be8e963627388610023cbddf282d580f360b857c773fc8d03166f8f02ec41849bf8e1fab8f71e11b72155dfb9383f501c5894888fddcbd5134df999
SSDEEP

98304:rrZuTF3ECs78np6akd8j566W7YWF0I+7N:03m7UpWd8j5i0o

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
876	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	876	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 876	2024	9ba24d504442705bd74b56e88d887ddee101ba98678ca9619403aa2eeeaa3b11.exe	28
PID 2024 wrote to memory of 876	2024	9ba24d504442705bd74b56e88d887ddee101ba98678ca9619403aa2eeeaa3b11.exe	28
PID 2024 wrote to memory of 876	2024	9ba24d504442705bd74b56e88d887ddee101ba98678ca9619403aa2eeeaa3b11.exe	28

C:\Users\Admin\AppData\Local\Temp\9ba24d504442705bd74b56e88d887ddee101ba98678ca9619403aa2eeeaa3b11.exe
"C:\Users\Admin\AppData\Local\Temp\9ba24d504442705bd74b56e88d887ddee101ba98678ca9619403aa2eeeaa3b11.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\6C454B.ps1"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:876

C:\Users\Admin\AppData\Local\Temp\6C454B.ps1

Filesize
3KB

MD5
480587145931fee778be02906f9b90ce

SHA1
99614262573257a5254625e969ec215960db2c3b

SHA256
41782870b03475270db045d3614b9460e58a9a9c9252062b9a3a2c3f3bb02fbd

SHA512
95de2fdbe92057ef678c88f2e5d1f1c37263f9139f32f3aa3bc10027d1893316c77d90576c19471cc5d7af052a2e0219b273a0935270eba38271516a7e53e469

Download Submit
memory/876-60-0x000000001B220000-0x000000001B502000-memory.dmp

Filesize
2.9MB

Download
memory/876-61-0x00000000025D0000-0x00000000025D8000-memory.dmp

Filesize
32KB

Download
memory/876-63-0x0000000002720000-0x00000000027A0000-memory.dmp

Filesize
512KB

Download
memory/876-64-0x0000000002720000-0x00000000027A0000-memory.dmp

Filesize
512KB

Download