Analysis
- max time kernel: 125s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/08/2023, 19:36
Behavioral task: behavioral1
- Sample: xaKdKZI3e9WD.exe
- Resource: win7-20230712-en
- 2 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: xaKdKZI3e9WD.exe
- Resource: win10v2004-20230703-en
- 2 signatures
- 150 seconds
General
- Target: xaKdKZI3e9WD.exe
- Size: 32KB
- MD5: e37c35d72029ee64e9b86adc6dfb53f6
- SHA1: 96c572d1c7813e821bcac26460a4b8777c4e7cf6
- SHA256: e936c50b852c04e153e12893717f7ef6e059dbce99fe615243d1109c5cd1de66
- SHA512: ba4884d732546668d1bd3d0f0b7372e4561063e3243eb7f1421962d43983e5704e9ebcf722403b0ae3fa6224500a7253c576f2064c6e2fb9aadc8e85e38f739a
- SSDEEP: 384:00bUe5XB4e0XGODB4GepWTvtTUFQqz97ObbbF:RT9BuVmDulbZ

Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (3 IoCs)

  description                          pid   Process
  Token: SeDebugPrivilege              2072  xaKdKZI3e9WD.exe
  Token: 33                            2072  xaKdKZI3e9WD.exe
  Token: SeIncBasePriorityPrivilege    2072  xaKdKZI3e9WD.exe

- Suspicious use of WriteProcessMemory (3 IoCs)

  description                          pid   Process            procid_target
  PID 2072 wrote to memory of 4864     2072  xaKdKZI3e9WD.exe   89
  PID 2072 wrote to memory of 4864     2072  xaKdKZI3e9WD.exe   89
  PID 2072 wrote to memory of 4864     2072  xaKdKZI3e9WD.exe   89
Processes
- C:\Users\Admin\AppData\Local\Temp\xaKdKZI3e9WD.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\xaKdKZI3e9WD.exe"
  PID: 2072
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    Command line: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\xaKdKZI3e9WD.exe"
    PID: 4864