30e641405af2fa5bc1a705bf239a45bf8b8e42d6bf2c2692d98299d4a8ff344e

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230824-en
resource tags

arch:x64arch:x86image:win7-20230824-enlocale:en-usos:windows7-x64system
submitted
27-08-2023 19:22

Target

93e7784defa1b30dcc93427bae186724.exe
Size

1.3MB
MD5

93e7784defa1b30dcc93427bae186724
SHA1

eb20295f9ee17ce56965fc426c347a4fa7992fcc
SHA256

30e641405af2fa5bc1a705bf239a45bf8b8e42d6bf2c2692d98299d4a8ff344e
SHA512

abb0dde73b5c7b48335ffe7c1b42870921505b598c7e926ce0fc7e0298d0f0c3d826b8a735144003a5823c9af76ebd7a1d340988f73705910f00cdf8641ba13c
SSDEEP

12288:suyj5aH+AStprOKd+RyAWjOXjrWq7WWXFpdp8LxwrLqgpwZWpT6oIfo1AfBNAWUU:L+Ltbd+R2OXjrWq51pmxwrNpKWZ6D

Score

7^/10

Drops startup file 1 IoCs

Processes:

93e7784defa1b30dcc93427bae186724.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pekmez.lnk	93e7784defa1b30dcc93427bae186724.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

93e7784defa1b30dcc93427bae186724.exe

description pid process

Token: SeDebugPrivilege 868 93e7784defa1b30dcc93427bae186724.exe

description	pid	process
Token: SeDebugPrivilege	868	93e7784defa1b30dcc93427bae186724.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

memory/868-0-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download
memory/868-1-0x0000000000FB0000-0x00000000010FC000-memory.dmp

Filesize
1.3MB

Download
memory/868-3-0x0000000005910000-0x0000000005950000-memory.dmp

Filesize
256KB

Download
memory/868-4-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download