3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8

Analysis

max time kernel
122s
max time network
140s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
02/08/2023, 18:15

Target

3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe
Size

710KB
MD5

ad4f2f6a656a68a65377a5192a3a3a3f
SHA1

e0d41cd0405b1c65fa33a6b4335c3c677a8e04df
SHA256

3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8
SHA512

14183d5693b22f6f6b8346e21e596ae25fd4c78ded9f480ac54326fd252e312d2ba57bbc2c89820ac5b6d64c78c01f3bb6c4835a2904fec41e2416516ac7994a
SSDEEP

12288:nsHrgjj1NswMg7U0FXCnO7uxCRWUsAL1DjQoA/C+vHUm:nsLgjj1Nqg7rZCn8uCRp1DjGC+v

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2288 set thread context of 2524	2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe	29

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe
2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe
2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe
2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe
2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe
2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe
2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe
2524	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2524	2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe	29
PID 2288 wrote to memory of 2524	2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe	29
PID 2288 wrote to memory of 2524	2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe	29
PID 2288 wrote to memory of 2524	2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe	29
PID 2288 wrote to memory of 2524	2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe	29
PID 2288 wrote to memory of 2524	2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe	29
PID 2288 wrote to memory of 2524	2288	3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe	29

C:\Users\Admin\AppData\Local\Temp\3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\3ff320e3607b1dfa12d8a8fdc4e4b8b34368cd47d848e39f30cc4d260fc612f8exe_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2524

memory/2288-62-0x00000000055E0000-0x0000000005654000-memory.dmp

Filesize
464KB

Download
memory/2288-68-0x0000000074320000-0x0000000074A0E000-memory.dmp

Filesize
6.9MB

Download
memory/2288-56-0x0000000074320000-0x0000000074A0E000-memory.dmp

Filesize
6.9MB

Download
memory/2288-57-0x0000000004890000-0x00000000048D0000-memory.dmp

Filesize
256KB

Download
memory/2288-58-0x0000000004890000-0x00000000048D0000-memory.dmp

Filesize
256KB

Download
memory/2288-59-0x0000000000520000-0x0000000000532000-memory.dmp

Filesize
72KB

Download
memory/2288-55-0x00000000009B0000-0x0000000000A68000-memory.dmp

Filesize
736KB

Download
memory/2288-60-0x0000000000980000-0x0000000000988000-memory.dmp

Filesize
32KB

Download
memory/2288-54-0x0000000074320000-0x0000000074A0E000-memory.dmp

Filesize
6.9MB

Download
memory/2288-61-0x0000000000990000-0x000000000099A000-memory.dmp

Filesize
40KB

Download
memory/2524-63-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2524-65-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2524-67-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2524-64-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2524-69-0x0000000000A70000-0x0000000000D73000-memory.dmp

Filesize
3.0MB

Download
memory/2524-70-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download