f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f

Analysis

max time kernel
65s
max time network
34s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
27-06-2023 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe
Size

2.2MB
MD5

4c5e571050a0cd02c4b291ddf1382dda
SHA1

617c9f96fca56a74c1a46a091f47d820d5f66da4
SHA256

f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f
SHA512

6d5426acd5b0fa1c21475bc83ada1afc23eba40cc34ee6b0ab670ea0870a7c90affee6bbd89fd2c254a34888136e6aedcfacc6462fe37e129627ec76ca20e83e
SSDEEP

24576:SkT/Hk7qm8vUPKD7rabrpnWzmGnVm0wTZPaWvwsGTtISNFQjFJsu3xQRse9aqD21:jDUqXMSDnxm0VRwPwsnRFSue91j8TP5

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe
1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe
1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe
1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe
1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 576	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	28
PID 1992 wrote to memory of 576	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	28
PID 1992 wrote to memory of 576	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	28
PID 1992 wrote to memory of 576	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	28
PID 1992 wrote to memory of 588	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	29
PID 1992 wrote to memory of 588	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	29
PID 1992 wrote to memory of 588	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	29
PID 1992 wrote to memory of 588	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	29
PID 1992 wrote to memory of 568	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	30
PID 1992 wrote to memory of 568	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	30
PID 1992 wrote to memory of 568	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	30
PID 1992 wrote to memory of 568	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	30
PID 1992 wrote to memory of 1436	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	31
PID 1992 wrote to memory of 1436	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	31
PID 1992 wrote to memory of 1436	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	31
PID 1992 wrote to memory of 1436	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	31
PID 1992 wrote to memory of 852	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	32
PID 1992 wrote to memory of 852	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	32
PID 1992 wrote to memory of 852	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	32
PID 1992 wrote to memory of 852	1992	f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe	32

C:\Users\Admin\AppData\Local\Temp\f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe
"C:\Users\Admin\AppData\Local\Temp\f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe
  "{path}"
  2⤵
  PID:576
- C:\Users\Admin\AppData\Local\Temp\f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe
  "{path}"
  2⤵
  PID:588
- C:\Users\Admin\AppData\Local\Temp\f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe
  "{path}"
  2⤵
  PID:568
- C:\Users\Admin\AppData\Local\Temp\f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe
  "{path}"
  2⤵
  PID:1436
- C:\Users\Admin\AppData\Local\Temp\f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f.exe
  "{path}"
  2⤵
  PID:852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-54-0x0000000000200000-0x0000000000438000-memory.dmp

Filesize
2.2MB

Download
memory/1992-55-0x0000000002100000-0x0000000002140000-memory.dmp

Filesize
256KB

Download
memory/1992-56-0x0000000002100000-0x0000000002140000-memory.dmp

Filesize
256KB

Download
memory/1992-57-0x00000000005F0000-0x0000000000604000-memory.dmp

Filesize
80KB

Download
memory/1992-58-0x0000000008280000-0x0000000008448000-memory.dmp

Filesize
1.8MB

Download
memory/1992-59-0x0000000009560000-0x00000000096D4000-memory.dmp

Filesize
1.5MB

Download