cfd843a4218fd91e46bf20068627e94bcc20cf68ec6a84ad4811d39b8c6c7ccd

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
13/07/2023, 05:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d2f580c133802c6a3d4117117d5c16cc.exe
Size

590KB
MD5

d2f580c133802c6a3d4117117d5c16cc
SHA1

eb014e24331bd1df38875d5c722e0db16dc8d5db
SHA256

cfd843a4218fd91e46bf20068627e94bcc20cf68ec6a84ad4811d39b8c6c7ccd
SHA512

4d8caad78cf422dc6c29db278c16076a7a8697e5f60c238cccc1ac7e5dbea6bf444b70baf227c3596ba7f7de89d2368d42ce1991dc9071b686affe0833f7c48c
SSDEEP

12288:PPwJpDRWJ373SENQZ6DRRu1Lc6jRhjszcNrI5GPcn:Xw03bSWQEDDvGjBi5i

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2428	d2f580c133802c6a3d4117117d5c16cc.exe
2428	d2f580c133802c6a3d4117117d5c16cc.exe
2428	d2f580c133802c6a3d4117117d5c16cc.exe
2428	d2f580c133802c6a3d4117117d5c16cc.exe
2428	d2f580c133802c6a3d4117117d5c16cc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2428	d2f580c133802c6a3d4117117d5c16cc.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2952	2428	d2f580c133802c6a3d4117117d5c16cc.exe	30
PID 2428 wrote to memory of 2952	2428	d2f580c133802c6a3d4117117d5c16cc.exe	30
PID 2428 wrote to memory of 2952	2428	d2f580c133802c6a3d4117117d5c16cc.exe	30
PID 2428 wrote to memory of 2952	2428	d2f580c133802c6a3d4117117d5c16cc.exe	30
PID 2428 wrote to memory of 3008	2428	d2f580c133802c6a3d4117117d5c16cc.exe	31
PID 2428 wrote to memory of 3008	2428	d2f580c133802c6a3d4117117d5c16cc.exe	31
PID 2428 wrote to memory of 3008	2428	d2f580c133802c6a3d4117117d5c16cc.exe	31
PID 2428 wrote to memory of 3008	2428	d2f580c133802c6a3d4117117d5c16cc.exe	31
PID 2428 wrote to memory of 2932	2428	d2f580c133802c6a3d4117117d5c16cc.exe	32
PID 2428 wrote to memory of 2932	2428	d2f580c133802c6a3d4117117d5c16cc.exe	32
PID 2428 wrote to memory of 2932	2428	d2f580c133802c6a3d4117117d5c16cc.exe	32
PID 2428 wrote to memory of 2932	2428	d2f580c133802c6a3d4117117d5c16cc.exe	32
PID 2428 wrote to memory of 2868	2428	d2f580c133802c6a3d4117117d5c16cc.exe	33
PID 2428 wrote to memory of 2868	2428	d2f580c133802c6a3d4117117d5c16cc.exe	33
PID 2428 wrote to memory of 2868	2428	d2f580c133802c6a3d4117117d5c16cc.exe	33
PID 2428 wrote to memory of 2868	2428	d2f580c133802c6a3d4117117d5c16cc.exe	33
PID 2428 wrote to memory of 2816	2428	d2f580c133802c6a3d4117117d5c16cc.exe	34
PID 2428 wrote to memory of 2816	2428	d2f580c133802c6a3d4117117d5c16cc.exe	34
PID 2428 wrote to memory of 2816	2428	d2f580c133802c6a3d4117117d5c16cc.exe	34
PID 2428 wrote to memory of 2816	2428	d2f580c133802c6a3d4117117d5c16cc.exe	34

C:\Users\Admin\AppData\Local\Temp\d2f580c133802c6a3d4117117d5c16cc.exe
"C:\Users\Admin\AppData\Local\Temp\d2f580c133802c6a3d4117117d5c16cc.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Users\Admin\AppData\Local\Temp\d2f580c133802c6a3d4117117d5c16cc.exe
  "C:\Users\Admin\AppData\Local\Temp\d2f580c133802c6a3d4117117d5c16cc.exe"
  2⤵
  PID:2952
- C:\Users\Admin\AppData\Local\Temp\d2f580c133802c6a3d4117117d5c16cc.exe
  "C:\Users\Admin\AppData\Local\Temp\d2f580c133802c6a3d4117117d5c16cc.exe"
  2⤵
  PID:3008
- C:\Users\Admin\AppData\Local\Temp\d2f580c133802c6a3d4117117d5c16cc.exe
  "C:\Users\Admin\AppData\Local\Temp\d2f580c133802c6a3d4117117d5c16cc.exe"
  2⤵
  PID:2932
- C:\Users\Admin\AppData\Local\Temp\d2f580c133802c6a3d4117117d5c16cc.exe
  "C:\Users\Admin\AppData\Local\Temp\d2f580c133802c6a3d4117117d5c16cc.exe"
  2⤵
  PID:2868
- C:\Users\Admin\AppData\Local\Temp\d2f580c133802c6a3d4117117d5c16cc.exe
  "C:\Users\Admin\AppData\Local\Temp\d2f580c133802c6a3d4117117d5c16cc.exe"
  2⤵
  PID:2816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2428-53-0x00000000001C0000-0x000000000025A000-memory.dmp

Filesize
616KB

Download
memory/2428-54-0x0000000000870000-0x000000000087C000-memory.dmp

Filesize
48KB

Download
memory/2428-55-0x0000000004BF0000-0x0000000004C30000-memory.dmp

Filesize
256KB

Download
memory/2428-56-0x0000000004BF0000-0x0000000004C30000-memory.dmp

Filesize
256KB

Download
memory/2428-57-0x0000000000880000-0x000000000088A000-memory.dmp

Filesize
40KB

Download
memory/2428-58-0x0000000005410000-0x000000000547E000-memory.dmp

Filesize
440KB

Download