e02b12d3fa371dad7afc526bbb556c24f3d7df8040861b7fd2ddfb3b79b0999d

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12/06/2023, 10:32

Target

test.exe
Size

4.8MB
MD5

cb642899ace100ad78d71a9102009e47
SHA1

650d203349e348b9a618344b9f4321747fc85ceb
SHA256

e02b12d3fa371dad7afc526bbb556c24f3d7df8040861b7fd2ddfb3b79b0999d
SHA512

247c511f2e30fcf36e18923b917a4a5a6bd40aa2978caa2fb881d81b0948d75b4f333760009235e69837684ad798a9d4431c678a78b6b1cb4d94d1976b444300
SSDEEP

49152:pD8PocNS3HDdrb/TzvO90d7HjmAFd4A64nsfJNflLVLgMJJXwPjNFacKhtv+NPqo:z3Hgflu8X3EyhErUH

Score

6^/10

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
792	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	792	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 792	2036	test.exe	29
PID 2036 wrote to memory of 792	2036	test.exe	29
PID 2036 wrote to memory of 792	2036	test.exe	29

C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "(Get-WmiObject Win32_VideoController).Name"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:792

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

memory/792-58-0x000000001B360000-0x000000001B642000-memory.dmp

Filesize
2.9MB

Download
memory/792-60-0x00000000029E0000-0x0000000002A60000-memory.dmp

Filesize
512KB

Download
memory/792-59-0x0000000001F10000-0x0000000001F18000-memory.dmp

Filesize
32KB

Download
memory/792-61-0x00000000029E0000-0x0000000002A60000-memory.dmp

Filesize
512KB

Download
memory/792-62-0x00000000029EB000-0x0000000002A22000-memory.dmp

Filesize
220KB

Download