Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 11/08/2023, 19:36
Behavioral task: behavioral1
- Sample: xaKdKZI3e9WD.exe
- Resource: win7-20230712-en
- 2 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: xaKdKZI3e9WD.exe
- Resource: win10v2004-20230703-en
- 2 signatures
- 150 seconds
General
- Target: xaKdKZI3e9WD.exe
- Size: 32KB
- MD5: e37c35d72029ee64e9b86adc6dfb53f6
- SHA1: 96c572d1c7813e821bcac26460a4b8777c4e7cf6
- SHA256: e936c50b852c04e153e12893717f7ef6e059dbce99fe615243d1109c5cd1de66
- SHA512: ba4884d732546668d1bd3d0f0b7372e4561063e3243eb7f1421962d43983e5704e9ebcf722403b0ae3fa6224500a7253c576f2064c6e2fb9aadc8e85e38f739a
- SSDEEP: 384:00bUe5XB4e0XGODB4GepWTvtTUFQqz97ObbbF:RT9BuVmDulbZ
- Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (3 IoCs)

  description                        pid  Process
  Token: SeDebugPrivilege            844  xaKdKZI3e9WD.exe
  Token: 33                          844  xaKdKZI3e9WD.exe
  Token: SeIncBasePriorityPrivilege  844  xaKdKZI3e9WD.exe

- Suspicious use of WriteProcessMemory (4 IoCs)

  description                     pid  Process           procid_target
  PID 844 wrote to memory of 2852  844  xaKdKZI3e9WD.exe  29
  PID 844 wrote to memory of 2852  844  xaKdKZI3e9WD.exe  29
  PID 844 wrote to memory of 2852  844  xaKdKZI3e9WD.exe  29
  PID 844 wrote to memory of 2852  844  xaKdKZI3e9WD.exe  29
Processes
- C:\Users\Admin\AppData\Local\Temp\xaKdKZI3e9WD.exe (PID: 844)
  Command line: "C:\Users\Admin\AppData\Local\Temp\xaKdKZI3e9WD.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (PID: 2852, child of 844)
    Command line: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\xaKdKZI3e9WD.exe"