2f0c79ee01767d02ed23922dd9d7c12715c971029fc61466629c79908385d85b

Analysis

max time kernel
76s
max time network
80s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
12/07/2023, 06:04

Target

PO20230711.exe
Size

888KB
MD5

4c1083aad30a4984b296f5d61e5607fc
SHA1

e718d4301ceca85cf85cdba441a90e5c64e48b29
SHA256

2f0c79ee01767d02ed23922dd9d7c12715c971029fc61466629c79908385d85b
SHA512

041fe947cb5832753c20097eb4165e7459ff625bbb54da2ee3fd62e796cc269656e27416c64b37562d6fcd00a9e0b8427393120277f05dcf86ad2f482913ec90
SSDEEP

12288:ZQ0wgcG40qQODBcdm8GV4VdnpwIvsNlpa:ZC5rNGGVSnF8

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2100	PO20230711.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 1520	2100	PO20230711.exe	29
PID 2100 wrote to memory of 1520	2100	PO20230711.exe	29
PID 2100 wrote to memory of 1520	2100	PO20230711.exe	29
PID 2100 wrote to memory of 1520	2100	PO20230711.exe	29
PID 2100 wrote to memory of 300	2100	PO20230711.exe	30
PID 2100 wrote to memory of 300	2100	PO20230711.exe	30
PID 2100 wrote to memory of 300	2100	PO20230711.exe	30
PID 2100 wrote to memory of 300	2100	PO20230711.exe	30
PID 2100 wrote to memory of 2112	2100	PO20230711.exe	31
PID 2100 wrote to memory of 2112	2100	PO20230711.exe	31
PID 2100 wrote to memory of 2112	2100	PO20230711.exe	31
PID 2100 wrote to memory of 2112	2100	PO20230711.exe	31
PID 2100 wrote to memory of 1684	2100	PO20230711.exe	32
PID 2100 wrote to memory of 1684	2100	PO20230711.exe	32
PID 2100 wrote to memory of 1684	2100	PO20230711.exe	32
PID 2100 wrote to memory of 1684	2100	PO20230711.exe	32
PID 2100 wrote to memory of 2304	2100	PO20230711.exe	33
PID 2100 wrote to memory of 2304	2100	PO20230711.exe	33
PID 2100 wrote to memory of 2304	2100	PO20230711.exe	33
PID 2100 wrote to memory of 2304	2100	PO20230711.exe	33

C:\Users\Admin\AppData\Local\Temp\PO20230711.exe
"C:\Users\Admin\AppData\Local\Temp\PO20230711.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\PO20230711.exe
  "C:\Users\Admin\AppData\Local\Temp\PO20230711.exe"
  2⤵
  PID:1520
- C:\Users\Admin\AppData\Local\Temp\PO20230711.exe
  "C:\Users\Admin\AppData\Local\Temp\PO20230711.exe"
  2⤵
  PID:300
- C:\Users\Admin\AppData\Local\Temp\PO20230711.exe
  "C:\Users\Admin\AppData\Local\Temp\PO20230711.exe"
  2⤵
  PID:2112
- C:\Users\Admin\AppData\Local\Temp\PO20230711.exe
  "C:\Users\Admin\AppData\Local\Temp\PO20230711.exe"
  2⤵
  PID:1684
- C:\Users\Admin\AppData\Local\Temp\PO20230711.exe
  "C:\Users\Admin\AppData\Local\Temp\PO20230711.exe"
  2⤵
  PID:2304

memory/2100-54-0x0000000000320000-0x0000000000404000-memory.dmp

Filesize
912KB

Download
memory/2100-55-0x0000000004E30000-0x0000000004E70000-memory.dmp

Filesize
256KB

Download
memory/2100-56-0x0000000000310000-0x000000000031C000-memory.dmp

Filesize
48KB

Download
memory/2100-57-0x0000000004E30000-0x0000000004E70000-memory.dmp

Filesize
256KB

Download
memory/2100-58-0x0000000000460000-0x000000000046C000-memory.dmp

Filesize
48KB

Download
memory/2100-59-0x0000000004FE0000-0x000000000504A000-memory.dmp

Filesize
424KB

Download