5d95b52efcb12349fe0a0734622162be408c34b0b970239e3dd374bb47b133ac

Analysis

max time kernel
147s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
21/07/2023, 16:50

Target

INQUIRY.exe
Size

884KB
MD5

0972962189b71513753b8d18b5534d3d
SHA1

25af31400e9826c8e8ae8819fee378edb514c7df
SHA256

5d95b52efcb12349fe0a0734622162be408c34b0b970239e3dd374bb47b133ac
SHA512

d83e22d0c58a5bc48ce5edcc24f6a536ad059e9041233e1b1c98ab06363f53160dfe5d43c7b16c19d821c99d3269877f342f6b08ce81307b550b36a3ea373ba4
SSDEEP

24576:lU2+wd/r90JNuanPwZU1FC426I5+p4+5VfBVfBVf:O2+KmWOIZo4x6I5W4+TfLfLf

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2108 set thread context of 2980	2108	INQUIRY.exe	30

Suspicious behavior: EnumeratesProcesses 25 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2108	INQUIRY.exe
Token: SeDebugPrivilege	2980	RegSvcs.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2980	2108	INQUIRY.exe	30
PID 2108 wrote to memory of 2980	2108	INQUIRY.exe	30
PID 2108 wrote to memory of 2980	2108	INQUIRY.exe	30
PID 2108 wrote to memory of 2980	2108	INQUIRY.exe	30
PID 2108 wrote to memory of 2980	2108	INQUIRY.exe	30
PID 2108 wrote to memory of 2980	2108	INQUIRY.exe	30
PID 2108 wrote to memory of 2980	2108	INQUIRY.exe	30
PID 2108 wrote to memory of 2980	2108	INQUIRY.exe	30
PID 2108 wrote to memory of 2980	2108	INQUIRY.exe	30
PID 2108 wrote to memory of 2980	2108	INQUIRY.exe	30

memory/2108-60-0x0000000004D10000-0x0000000004D80000-memory.dmp

Filesize
448KB

Download
memory/2108-55-0x0000000074A10000-0x00000000750FE000-memory.dmp

Filesize
6.9MB

Download
memory/2108-56-0x0000000004CD0000-0x0000000004D10000-memory.dmp

Filesize
256KB

Download
memory/2108-57-0x00000000004E0000-0x00000000004F2000-memory.dmp

Filesize
72KB

Download
memory/2108-58-0x0000000074A10000-0x00000000750FE000-memory.dmp

Filesize
6.9MB

Download
memory/2108-59-0x0000000004CD0000-0x0000000004D10000-memory.dmp

Filesize
256KB

Download
memory/2108-54-0x00000000008F0000-0x00000000009D2000-memory.dmp

Filesize
904KB

Download
memory/2108-69-0x0000000074A10000-0x00000000750FE000-memory.dmp

Filesize
6.9MB

Download
memory/2980-67-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2980-65-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2980-61-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2980-68-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2980-63-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/2980-70-0x0000000000770000-0x0000000000A73000-memory.dmp

Filesize
3.0MB

Download
memory/2980-71-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download