Analysis
- max time kernel: 127s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/08/2023, 20:05
Behavioral task: behavioral1
- Sample: xZJKmUXowvtp.exe
- Resource: win7-20230712-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: xZJKmUXowvtp.exe
- Resource: win10v2004-20230703-en
- 2 signatures
- 150 seconds
General
- Target: xZJKmUXowvtp.exe
- Size: 32KB
- MD5: 577ecc8ea50f5633d57902d4d4f1b925
- SHA1: 88eb87e9985342c9117d3945bf771d2cb9ab8575
- SHA256: 784e7f352ce8a8ca2e2909967bb42e67652e964c981640222ba11aaa148f092d
- SHA512: 339d4c31eabd9bb71ad593b9b2d40ab60f5e6fbc4f0d5f861c6e806191d10ada57a4ddf34a0e395ac1d6ee414507392e7c5cee686ce452f369435ace9e0afff0
- SSDEEP: 384:k0bUe5XB4e0XmOnpQq1pvmufCsIsBWTFtTUFQqz9sObb9:hT9Bu1pQqvvmu6FGb9
Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 3728 | xZJKmUXowvtp.exe
  Token: 33 | 3728 | xZJKmUXowvtp.exe
  Token: SeIncBasePriorityPrivilege | 3728 | xZJKmUXowvtp.exe
  "33" is a privilege LUID the sandbox did not resolve to a name; on Windows 10 that LUID is SeIncreaseWorkingSetPrivilege. Of the three, SeDebugPrivilege is the one worth attention: once enabled it lets the process open other users' and SYSTEM processes regardless of their DACL, which is what injection into such targets requires.
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3728 wrote to memory of 1124 | 3728 | xZJKmUXowvtp.exe | 89
  PID 3728 wrote to memory of 1124 | 3728 | xZJKmUXowvtp.exe | 89
  PID 3728 wrote to memory of 1124 | 3728 | xZJKmUXowvtp.exe | 89
  All three writes go into PID 1124, the cmd.exe child the sample itself spawns (see the process tree below). Writes by a parent into a child it has just created are part of normal process start-up, so this IoC on its own does not show injection into a foreign process; read it together with the tree.
Processes
- C:\Users\Admin\AppData\Local\Temp\xZJKmUXowvtp.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\xZJKmUXowvtp.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID: 3728
  - C:\Windows\SysWOW64\cmd.exe (depth 2)
    Command line: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\xZJKmUXowvtp.exe"
    PID: 1124
    The child is the 32-bit cmd.exe from SysWOW64, so the sample is a 32-bit process (consistent with the arch:x86 resource tag). Its command line deletes the sample's own image path: the sample removes itself from disk after running, which is why the file should be collected from the submission rather than from the analysis VM.
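The tree above shows the pattern worth hunting for on endpoints: a sample spawns cmd.exe whose only job is to delete the parent's own image. The Python below is an added detection example, not part of this sandbox report or of any vendor's tooling. It runs over a process list and the AdjustPrivilegeToken rows constructed from this page and flags (a) a cmd.exe child whose del/erase target equals its parent's image path and (b) a process enabling a sensitive privilege such as SeDebugPrivilege. The Proc record, the SENSITIVE_PRIVILEGES set and the regex are my assumptions; the regex is a simplification of cmd.exe parsing and does not handle ^-escapes, FOR loops or wildcards.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Proc:
    """One row of a sandbox process tree (fields as in the report above)."""
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Constructed input, modelled on the process tree in this report: the parent
# sample (PID 3728) and its cmd.exe child (PID 1124) with the command line as
# the report renders it.
SAMPLE_PROCS: List[Proc] = [
    Proc(3728, None, r"C:\Users\Admin\AppData\Local\Temp\xZJKmUXowvtp.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\xZJKmUXowvtp.exe"'),
    Proc(1124, 3728, r"C:\Windows\SysWOW64\cmd.exe",
         r'cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\xZJKmUXowvtp.exe"'),
]

# Constructed from the AdjustPrivilegeToken signature rows above: (pid, privilege).
SAMPLE_TOKEN_EVENTS: List[Tuple[int, str]] = [
    (3728, "SeDebugPrivilege"),
    (3728, "33"),
    (3728, "SeIncBasePriorityPrivilege"),
]

# Assumed list of privileges a user-mode sample has no ordinary reason to enable.
SENSITIVE_PRIVILEGES = {"SeDebugPrivilege", "SeLoadDriverPrivilege", "SeTcbPrivilege",
                        "SeBackupPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege"}

# "del"/"erase", optional switches (/Q, /F, ...), then one quoted or bare path,
# terminated by a command separator (& or |) or the end of the command line.
_DEL_RE = re.compile(
    r'\b(?:del|erase)\s+(?:/\w\s+)*"?([^"&|]+?)"?\s*(?:&|\||$)', re.IGNORECASE)


def deleted_paths(cmdline: str) -> List[str]:
    """Return every path a cmd.exe command line deletes via del/erase."""
    return [m.group(1).strip() for m in _DEL_RE.finditer(cmdline)]


def find_self_deletion(procs: List[Proc]) -> List[Tuple[int, int, str]]:
    """Return (parent_pid, child_pid, path) for each cmd.exe child that deletes
    its parent's own image: the self-removal pattern seen in this report."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for child in procs:
        parent = by_pid.get(child.ppid) if child.ppid is not None else None
        if parent is None or not child.image.lower().endswith("\\cmd.exe"):
            continue
        for path in deleted_paths(child.cmdline):
            if path.lower() == parent.image.lower():
                hits.append((parent.pid, child.pid, path))
    return hits


def sensitive_privileges(events: List[Tuple[int, str]]) -> List[Tuple[int, str]]:
    """Return (pid, privilege) pairs whose privilege is in SENSITIVE_PRIVILEGES.
    Unresolved numeric LUIDs such as "33" are deliberately ignored."""
    return sorted({(pid, priv) for pid, priv in events if priv in SENSITIVE_PRIVILEGES})


def triage(procs: List[Proc], events: List[Tuple[int, str]]) -> List[str]:
    """Combine both checks into human-readable findings."""
    findings = []
    for ppid, cpid, path in find_self_deletion(procs):
        findings.append(f"self-deletion: PID {cpid} (child of {ppid}) deletes {path}")
    for pid, priv in sensitive_privileges(events):
        findings.append(f"privilege: PID {pid} enabled {priv}")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_PROCS, SAMPLE_TOKEN_EVENTS):
        print(line)
```

The parent/child link is what makes this precise: a cmd.exe that deletes an arbitrary file is everyday administration, but a cmd.exe deleting exactly the image of the process that spawned it almost never is. On a live host the same two functions can be fed from Sysmon event 1 (process creation with ParentProcessId and CommandLine) and event 4703 or equivalent token-adjustment telemetry.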