bcdeedf58e90cea585acdfdbaace306512563c81c1d214c39ee4d409743c9ffc

Analysis

max time kernel
5s
max time network
12s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2023, 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ConsoleApp1.exe
Size

46KB
MD5

1f6e80c2f68c084c18f7feeda2b10053
SHA1

7e07d0b30410d88e488020d41f39ea9e29b0f0a0
SHA256

bcdeedf58e90cea585acdfdbaace306512563c81c1d214c39ee4d409743c9ffc
SHA512

3b522eab3f88e20566332dbe6ed2639b0b892b2863c569da96dc7452594f5e6e6ec19472c010414a16a8e6dfce65e6b9fb635f9f17c4a96f7fbd78fc98e1c93a
SSDEEP

384:rn+VPXOb4L+0TcQq3/92S15FBxI4lfjh0yJB2fEcpxoK3BfbVdVX7W9FqWhptYc3:SvtD8/xIHyJsEcbthb2PtYcF4/Vc6K

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1048	wmic.exe
Token: SeSecurityPrivilege	1048	wmic.exe
Token: SeTakeOwnershipPrivilege	1048	wmic.exe
Token: SeLoadDriverPrivilege	1048	wmic.exe
Token: SeSystemProfilePrivilege	1048	wmic.exe
Token: SeSystemtimePrivilege	1048	wmic.exe
Token: SeProfSingleProcessPrivilege	1048	wmic.exe
Token: SeIncBasePriorityPrivilege	1048	wmic.exe
Token: SeCreatePagefilePrivilege	1048	wmic.exe
Token: SeBackupPrivilege	1048	wmic.exe
Token: SeRestorePrivilege	1048	wmic.exe
Token: SeShutdownPrivilege	1048	wmic.exe
Token: SeDebugPrivilege	1048	wmic.exe
Token: SeSystemEnvironmentPrivilege	1048	wmic.exe
Token: SeRemoteShutdownPrivilege	1048	wmic.exe
Token: SeUndockPrivilege	1048	wmic.exe
Token: SeManageVolumePrivilege	1048	wmic.exe
Token: 33	1048	wmic.exe
Token: 34	1048	wmic.exe
Token: 35	1048	wmic.exe
Token: 36	1048	wmic.exe
Token: SeIncreaseQuotaPrivilege	1048	wmic.exe
Token: SeSecurityPrivilege	1048	wmic.exe
Token: SeTakeOwnershipPrivilege	1048	wmic.exe
Token: SeLoadDriverPrivilege	1048	wmic.exe
Token: SeSystemProfilePrivilege	1048	wmic.exe
Token: SeSystemtimePrivilege	1048	wmic.exe
Token: SeProfSingleProcessPrivilege	1048	wmic.exe
Token: SeIncBasePriorityPrivilege	1048	wmic.exe
Token: SeCreatePagefilePrivilege	1048	wmic.exe
Token: SeBackupPrivilege	1048	wmic.exe
Token: SeRestorePrivilege	1048	wmic.exe
Token: SeShutdownPrivilege	1048	wmic.exe
Token: SeDebugPrivilege	1048	wmic.exe
Token: SeSystemEnvironmentPrivilege	1048	wmic.exe
Token: SeRemoteShutdownPrivilege	1048	wmic.exe
Token: SeUndockPrivilege	1048	wmic.exe
Token: SeManageVolumePrivilege	1048	wmic.exe
Token: 33	1048	wmic.exe
Token: 34	1048	wmic.exe
Token: 35	1048	wmic.exe
Token: 36	1048	wmic.exe
Token: SeShutdownPrivilege	412	ConsoleApp1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 412 wrote to memory of 1048	412	ConsoleApp1.exe	87
PID 412 wrote to memory of 1048	412	ConsoleApp1.exe	87
PID 412 wrote to memory of 1048	412	ConsoleApp1.exe	87

C:\Users\Admin\AppData\Local\Temp\ConsoleApp1.exe
"C:\Users\Admin\AppData\Local\Temp\ConsoleApp1.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:412
- C:\Windows\SysWOW64\Wbem\wmic.exe
  "wmic" csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/412-133-0x00000000006A0000-0x00000000006B0000-memory.dmp

Filesize
64KB

Download
memory/412-134-0x0000000074B10000-0x00000000752C0000-memory.dmp

Filesize
7.7MB

Download
memory/412-135-0x0000000005540000-0x0000000005AE4000-memory.dmp

Filesize
5.6MB

Download
memory/412-136-0x0000000005090000-0x0000000005122000-memory.dmp

Filesize
584KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads