68b49b04908679c9170d9c2d2028f4494802fa55f6fa35e8a3479b6f520ca0e3

Analysis

max time kernel
149s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11/06/2023, 01:43

Target

OUR REF RFQ 600066536 - PR 10023150.exe
Size

656KB
MD5

14797c70f8e6515d5412b6d19f04851b
SHA1

9cfb01a7f1fa2439f50ae28865741d10859042e3
SHA256

607dcd836bd33a6d2afe6ef3c632468ef126eb49923409e246ba7ec86311c5a7
SHA512

e1ebc1ed9d5339e938deca4bbe4086746409d7d490259fe58280dacef9c10bce6e0f479016710fbaa99cb07f08c7f5f4d5e55866136c0a5b2746d20a2026f2f7
SSDEEP

12288:PrGnmUAhgkCBU8kqiKpwPluNJJxT957M2VrRw61QwdF5CnKIBeVViEvKhX1F2FWj:o3vbC8QXKdiEvKhFFaW9x

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2008 set thread context of 340	2008	OUR REF RFQ 600066536 - PR 10023150.exe	27

Suspicious behavior: EnumeratesProcesses 25 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2008	OUR REF RFQ 600066536 - PR 10023150.exe
Token: SeDebugPrivilege	340	RegSvcs.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 340	2008	OUR REF RFQ 600066536 - PR 10023150.exe	27
PID 2008 wrote to memory of 340	2008	OUR REF RFQ 600066536 - PR 10023150.exe	27
PID 2008 wrote to memory of 340	2008	OUR REF RFQ 600066536 - PR 10023150.exe	27
PID 2008 wrote to memory of 340	2008	OUR REF RFQ 600066536 - PR 10023150.exe	27
PID 2008 wrote to memory of 340	2008	OUR REF RFQ 600066536 - PR 10023150.exe	27
PID 2008 wrote to memory of 340	2008	OUR REF RFQ 600066536 - PR 10023150.exe	27
PID 2008 wrote to memory of 340	2008	OUR REF RFQ 600066536 - PR 10023150.exe	27
PID 2008 wrote to memory of 340	2008	OUR REF RFQ 600066536 - PR 10023150.exe	27
PID 2008 wrote to memory of 340	2008	OUR REF RFQ 600066536 - PR 10023150.exe	27
PID 2008 wrote to memory of 340	2008	OUR REF RFQ 600066536 - PR 10023150.exe	27

memory/340-61-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/340-66-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/340-65-0x0000000000A40000-0x0000000000D43000-memory.dmp

Filesize
3.0MB

Download
memory/340-64-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/340-63-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/340-62-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2008-57-0x0000000002150000-0x0000000002190000-memory.dmp

Filesize
256KB

Download
memory/2008-60-0x0000000002070000-0x00000000020A8000-memory.dmp

Filesize
224KB

Download
memory/2008-59-0x0000000005C60000-0x0000000005CD0000-memory.dmp

Filesize
448KB

Download
memory/2008-58-0x00000000009D0000-0x00000000009DC000-memory.dmp

Filesize
48KB

Download
memory/2008-54-0x0000000000A30000-0x0000000000ADA000-memory.dmp

Filesize
680KB

Download
memory/2008-56-0x0000000000960000-0x0000000000974000-memory.dmp

Filesize
80KB

Download
memory/2008-55-0x0000000002150000-0x0000000002190000-memory.dmp

Filesize
256KB

Download