31c12318598fec69357b6c5925089e33462293365bd28e600919d1d4c45f64e7

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2023, 10:40

Target

31c12318598fec69357b6c5925089e33462293365bd28e600919d1d4c45f64e7.exe
Size

244KB
MD5

1d1151763d366a2f0e1347cea8b8781e
SHA1

0a678258e9cb0b58b329f1c85cb5dabb3db29770
SHA256

31c12318598fec69357b6c5925089e33462293365bd28e600919d1d4c45f64e7
SHA512

e2f1c0644908b25deaf9aa7a460b2ad36ce7d2d261f89e033ebc5cbe41f848afc9a387399e824781095ae159fa2878bd40feafd1b2536f6f1b4100ebb84cc9d9
SSDEEP

6144:ftEAfPRVQTp6lYIjjgoTb0LGMjIl8t33PKZKv0OT:ftEAVK6i2/oL7IKt33PsKv04

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4476-133-0x00007FF7F59D0000-0x00007FF7F5B18000-memory.dmp	upx
behavioral2/memory/4476-136-0x00007FF7F59D0000-0x00007FF7F5B18000-memory.dmp	upx

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	7	Scripting Hero

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4476	31c12318598fec69357b6c5925089e33462293365bd28e600919d1d4c45f64e7.exe
Token: SeDebugPrivilege	4476	31c12318598fec69357b6c5925089e33462293365bd28e600919d1d4c45f64e7.exe
Token: SeCreateGlobalPrivilege	4476	31c12318598fec69357b6c5925089e33462293365bd28e600919d1d4c45f64e7.exe

C:\Users\Admin\AppData\Local\Temp\31c12318598fec69357b6c5925089e33462293365bd28e600919d1d4c45f64e7.exe
"C:\Users\Admin\AppData\Local\Temp\31c12318598fec69357b6c5925089e33462293365bd28e600919d1d4c45f64e7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4476

memory/4476-133-0x00007FF7F59D0000-0x00007FF7F5B18000-memory.dmp

Filesize
1.3MB

Download
memory/4476-136-0x00007FF7F59D0000-0x00007FF7F5B18000-memory.dmp

Filesize
1.3MB

Download