8e050001e6fb1e5b3ae36eaa585d0cdd075dd80fb44cfb7cd6c058da03c71027

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23-08-2023 05:57

Target

9cd889e65235a00e96a92e4304307f53.exe
Size

969KB
MD5

9cd889e65235a00e96a92e4304307f53
SHA1

b4fbf0aab8d2695231ee54615c60a917bf9ad2cd
SHA256

8e050001e6fb1e5b3ae36eaa585d0cdd075dd80fb44cfb7cd6c058da03c71027
SHA512

7a7b4e48f9145e0e3f34eb321f8d62488ded7fd5e34263beeb6ae16af53fa3b17f19617ea29af6f6ad38bc3b264c7ac0333ca82604bb56a8b0928630e62c670e
SSDEEP

24576:NS9lCe9qhJ4pdsEQ2ZM5R1HuimkVZPmkgPV4dfTL4:SlCe9qhJ4peLgMr5THLekgOZk

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2816 set thread context of 2748	2816	9cd889e65235a00e96a92e4304307f53.exe	32

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2816	9cd889e65235a00e96a92e4304307f53.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 3008	2816	9cd889e65235a00e96a92e4304307f53.exe	30
PID 2816 wrote to memory of 3008	2816	9cd889e65235a00e96a92e4304307f53.exe	30
PID 2816 wrote to memory of 3008	2816	9cd889e65235a00e96a92e4304307f53.exe	30
PID 2816 wrote to memory of 3008	2816	9cd889e65235a00e96a92e4304307f53.exe	30
PID 2816 wrote to memory of 2756	2816	9cd889e65235a00e96a92e4304307f53.exe	31
PID 2816 wrote to memory of 2756	2816	9cd889e65235a00e96a92e4304307f53.exe	31
PID 2816 wrote to memory of 2756	2816	9cd889e65235a00e96a92e4304307f53.exe	31
PID 2816 wrote to memory of 2756	2816	9cd889e65235a00e96a92e4304307f53.exe	31
PID 2816 wrote to memory of 2748	2816	9cd889e65235a00e96a92e4304307f53.exe	32
PID 2816 wrote to memory of 2748	2816	9cd889e65235a00e96a92e4304307f53.exe	32
PID 2816 wrote to memory of 2748	2816	9cd889e65235a00e96a92e4304307f53.exe	32
PID 2816 wrote to memory of 2748	2816	9cd889e65235a00e96a92e4304307f53.exe	32
PID 2816 wrote to memory of 2748	2816	9cd889e65235a00e96a92e4304307f53.exe	32
PID 2816 wrote to memory of 2748	2816	9cd889e65235a00e96a92e4304307f53.exe	32
PID 2816 wrote to memory of 2748	2816	9cd889e65235a00e96a92e4304307f53.exe	32

C:\Users\Admin\AppData\Local\Temp\9cd889e65235a00e96a92e4304307f53.exe
"C:\Users\Admin\AppData\Local\Temp\9cd889e65235a00e96a92e4304307f53.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Users\Admin\AppData\Local\Temp\9cd889e65235a00e96a92e4304307f53.exe
  "C:\Users\Admin\AppData\Local\Temp\9cd889e65235a00e96a92e4304307f53.exe"
  2⤵
  PID:3008
- C:\Users\Admin\AppData\Local\Temp\9cd889e65235a00e96a92e4304307f53.exe
  "C:\Users\Admin\AppData\Local\Temp\9cd889e65235a00e96a92e4304307f53.exe"
  2⤵
  PID:2756
- C:\Users\Admin\AppData\Local\Temp\9cd889e65235a00e96a92e4304307f53.exe
  "C:\Users\Admin\AppData\Local\Temp\9cd889e65235a00e96a92e4304307f53.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748

memory/2748-62-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2748-70-0x00000000009D0000-0x0000000000CD3000-memory.dmp

Filesize
3.0MB

Download
memory/2748-68-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2748-69-0x00000000009D0000-0x0000000000CD3000-memory.dmp

Filesize
3.0MB

Download
memory/2748-66-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2748-64-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2748-63-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2816-58-0x0000000074C70000-0x000000007535E000-memory.dmp

Filesize
6.9MB

Download
memory/2816-61-0x00000000059D0000-0x0000000005A7E000-memory.dmp

Filesize
696KB

Download
memory/2816-60-0x0000000000A20000-0x0000000000A2E000-memory.dmp

Filesize
56KB

Download
memory/2816-59-0x0000000004D20000-0x0000000004D60000-memory.dmp

Filesize
256KB

Download
memory/2816-54-0x00000000001F0000-0x00000000002E8000-memory.dmp

Filesize
992KB

Download
memory/2816-67-0x0000000074C70000-0x000000007535E000-memory.dmp

Filesize
6.9MB

Download
memory/2816-57-0x0000000000A00000-0x0000000000A1A000-memory.dmp

Filesize
104KB

Download
memory/2816-56-0x0000000004D20000-0x0000000004D60000-memory.dmp

Filesize
256KB

Download
memory/2816-55-0x0000000074C70000-0x000000007535E000-memory.dmp

Filesize
6.9MB

Download