Analysis
max time kernel: 117s
max time network: 119s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
submitted: 11/08/2023, 20:04
Behavioral task: behavioral1
  Sample: xZJKmUXowvtp.exe
  Resource: win7-20230712-en
  2 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: xZJKmUXowvtp.exe
  Resource: win10v2004-20230703-en
  2 signatures, 150 seconds
General
Target: xZJKmUXowvtp.exe
Size: 32KB
MD5: 577ecc8ea50f5633d57902d4d4f1b925
SHA1: 88eb87e9985342c9117d3945bf771d2cb9ab8575
SHA256: 784e7f352ce8a8ca2e2909967bb42e67652e964c981640222ba11aaa148f092d
SHA512: 339d4c31eabd9bb71ad593b9b2d40ab60f5e6fbc4f0d5f861c6e806191d10ada57a4ddf34a0e395ac1d6ee414507392e7c5cee686ce452f369435ace9e0afff0
SSDEEP: 384:k0bUe5XB4e0XmOnpQq1pvmufCsIsBWTFtTUFQqz9sObb9:hT9Bu1pQqvvmu6FGb9
Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                          pid   Process
  Token: SeDebugPrivilege              2516  xZJKmUXowvtp.exe
  Token: 33                            2516  xZJKmUXowvtp.exe
  Token: SeIncBasePriorityPrivilege    2516  xZJKmUXowvtp.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                          pid   Process            procid_target
  PID 2516 wrote to memory of 2300     2516  xZJKmUXowvtp.exe   29
  PID 2516 wrote to memory of 2300     2516  xZJKmUXowvtp.exe   29
  PID 2516 wrote to memory of 2300     2516  xZJKmUXowvtp.exe   29
  PID 2516 wrote to memory of 2300     2516  xZJKmUXowvtp.exe   29
Processes
1. C:\Users\Admin\AppData\Local\Temp\xZJKmUXowvtp.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\xZJKmUXowvtp.exe"
   PID: 2516
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe (child of PID 2516)
      Command line: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\xZJKmUXowvtp.exe"
      PID: 2300