009131930dd84cba1c7c2f1bee7773a6e313e2d6320469cd07042439c0c7d279

Analysis

max time kernel
16s
max time network
30s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17/07/2023, 17:31

Target

autoinject.exe
Size

1.2MB
MD5

02c5e0ed591e7f4a680c014607eeee64
SHA1

cfc3acf7143ba5d2a1a862608561fe613f3a2207
SHA256

009131930dd84cba1c7c2f1bee7773a6e313e2d6320469cd07042439c0c7d279
SHA512

77f3d7f0ff8491a9c94e41f1d7da59630c4cb353f22bd061a28f0e7c826e3d08b3b54e0f41418f7fd0c45712aff301b254970aee2d998419b95850786e76579b
SSDEEP

24576:DQN/2JqGl44dJso88Wq/dfzrmw3DvlOqPYqdP:UNOAGl4IJswj/dffz7lOqndP

Score

1^/10

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3256	autoinject.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3256 wrote to memory of 3872	3256	autoinject.exe	94
PID 3256 wrote to memory of 3872	3256	autoinject.exe	94
PID 3256 wrote to memory of 3872	3256	autoinject.exe	94
PID 3256 wrote to memory of 3872	3256	autoinject.exe	94
PID 3256 wrote to memory of 3872	3256	autoinject.exe	94
PID 3256 wrote to memory of 3872	3256	autoinject.exe	94
PID 3256 wrote to memory of 3872	3256	autoinject.exe	94
PID 3256 wrote to memory of 3872	3256	autoinject.exe	94

C:\Users\Admin\AppData\Local\Temp\autoinject.exe
"C:\Users\Admin\AppData\Local\Temp\autoinject.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3256
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:3872

memory/3256-133-0x0000000074890000-0x0000000075040000-memory.dmp

Filesize
7.7MB

Download
memory/3256-134-0x00000000000E0000-0x0000000000220000-memory.dmp

Filesize
1.2MB

Download
memory/3256-135-0x0000000005720000-0x00000000057BC000-memory.dmp

Filesize
624KB

Download
memory/3256-136-0x0000000005D70000-0x0000000006314000-memory.dmp

Filesize
5.6MB

Download
memory/3256-137-0x0000000005860000-0x00000000058F2000-memory.dmp

Filesize
584KB

Download
memory/3256-138-0x00000000059C0000-0x00000000059D0000-memory.dmp

Filesize
64KB

Download
memory/3256-139-0x0000000005940000-0x000000000594A000-memory.dmp

Filesize
40KB

Download
memory/3256-140-0x0000000074890000-0x0000000075040000-memory.dmp

Filesize
7.7MB

Download
memory/3256-141-0x00000000059C0000-0x00000000059D0000-memory.dmp

Filesize
64KB

Download