f7b372825e20fb9e6c038cc2f67aebbcc4bebbe2bdef97c7dec09933d6aa4419

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/07/2023, 20:46

Target

PURCHASE.exe
Size

852KB
MD5

d1cd47f7c1b362dd9f478ad795596180
SHA1

629f14639425f40e3ad081e4fcb0b4238e4f40d1
SHA256

325af2369691a45f5421d141a8b4e7d5a1a1bc28bce159ccc421daabaec846fe
SHA512

df80b30f5822bc106cc3781609ffdc922faa4d5496ae2b20d6e85f0bbd0d63b7b44f39a61e0dd63ee6467aa5dc147d04466e74a491677bd8bb6f65e7a168b1b3
SSDEEP

24576:Fo/thewlqB6p9+KJHHxQcRy93RvsB3VuCXdY:6e2q8p93Qb93R03n

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3640 set thread context of 5100	3640	PURCHASE.exe	97

Suspicious behavior: EnumeratesProcesses 52 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3640	PURCHASE.exe
Token: SeDebugPrivilege	5100	MSBuild.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 544	3640	PURCHASE.exe	94
PID 3640 wrote to memory of 544	3640	PURCHASE.exe	94
PID 3640 wrote to memory of 544	3640	PURCHASE.exe	94
PID 3640 wrote to memory of 1108	3640	PURCHASE.exe	95
PID 3640 wrote to memory of 1108	3640	PURCHASE.exe	95
PID 3640 wrote to memory of 1108	3640	PURCHASE.exe	95
PID 3640 wrote to memory of 3924	3640	PURCHASE.exe	96
PID 3640 wrote to memory of 3924	3640	PURCHASE.exe	96
PID 3640 wrote to memory of 3924	3640	PURCHASE.exe	96
PID 3640 wrote to memory of 5100	3640	PURCHASE.exe	97
PID 3640 wrote to memory of 5100	3640	PURCHASE.exe	97
PID 3640 wrote to memory of 5100	3640	PURCHASE.exe	97
PID 3640 wrote to memory of 5100	3640	PURCHASE.exe	97
PID 3640 wrote to memory of 5100	3640	PURCHASE.exe	97
PID 3640 wrote to memory of 5100	3640	PURCHASE.exe	97

C:\Users\Admin\AppData\Local\Temp\PURCHASE.exe
"C:\Users\Admin\AppData\Local\Temp\PURCHASE.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:544
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:1108
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:3924
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5100

memory/3640-139-0x0000000075240000-0x00000000759F0000-memory.dmp

Filesize
7.7MB

Download
memory/3640-145-0x0000000075240000-0x00000000759F0000-memory.dmp

Filesize
7.7MB

Download
memory/3640-135-0x0000000005E30000-0x00000000063D4000-memory.dmp

Filesize
5.6MB

Download
memory/3640-136-0x0000000005880000-0x0000000005912000-memory.dmp

Filesize
584KB

Download
memory/3640-137-0x0000000005AE0000-0x0000000005AF0000-memory.dmp

Filesize
64KB

Download
memory/3640-138-0x0000000005990000-0x000000000599A000-memory.dmp

Filesize
40KB

Download
memory/3640-141-0x0000000008860000-0x00000000088FC000-memory.dmp

Filesize
624KB

Download
memory/3640-133-0x0000000075240000-0x00000000759F0000-memory.dmp

Filesize
7.7MB

Download
memory/3640-134-0x0000000000D30000-0x0000000000E0A000-memory.dmp

Filesize
872KB

Download
memory/3640-140-0x0000000005AE0000-0x0000000005AF0000-memory.dmp

Filesize
64KB

Download
memory/5100-146-0x0000000001060000-0x00000000013AA000-memory.dmp

Filesize
3.3MB

Download
memory/5100-144-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5100-142-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/5100-147-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download