bc8f0f434ca9dab32771467b0be143182d57ef0979f68a7165fc253482e3f5a8

Analysis

max time kernel
142s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
01-09-2023 14:28

Target

bc8f0f434ca9dab32771467b0be143182d57ef0979f68a7165fc253482e3f5a8.exe
Size

743KB
MD5

77e9b43734e5243cd857fdc726b3bc6c
SHA1

7410470faa8149ec503f8c321c454cbd91537066
SHA256

bc8f0f434ca9dab32771467b0be143182d57ef0979f68a7165fc253482e3f5a8
SHA512

7e8f3f1fb166664501074c09425eefe78f5b13d0e73e051d2644aded3d400a686d5526632832a5b059a945b1e56a2711b4fc08b248498b7fde077cffccb5e756
SSDEEP

12288:nRyTSktU4g/n/t0EW5A0zyYvJwQ5oAlK+GE4vebIk6bQQ52LgRg08y5Hpnrzv:RStU4gf2EW5A2DJr/kS4vGIk6v3Hf

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1704	Hacker.com.cn.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Hacker.com.cn.exe	bc8f0f434ca9dab32771467b0be143182d57ef0979f68a7165fc253482e3f5a8.exe
File opened for modification	C:\Windows\Hacker.com.cn.exe	bc8f0f434ca9dab32771467b0be143182d57ef0979f68a7165fc253482e3f5a8.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2204	bc8f0f434ca9dab32771467b0be143182d57ef0979f68a7165fc253482e3f5a8.exe
Token: SeDebugPrivilege	1704	Hacker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1704	Hacker.com.cn.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1228	1704	Hacker.com.cn.exe	29
PID 1704 wrote to memory of 1228	1704	Hacker.com.cn.exe	29
PID 1704 wrote to memory of 1228	1704	Hacker.com.cn.exe	29
PID 1704 wrote to memory of 1228	1704	Hacker.com.cn.exe	29

C:\Windows\Hacker.com.cn.exe
C:\Windows\Hacker.com.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:1228

C:\Windows\Hacker.com.cn.exe

Filesize
743KB

MD5
77e9b43734e5243cd857fdc726b3bc6c

SHA1
7410470faa8149ec503f8c321c454cbd91537066

SHA256
bc8f0f434ca9dab32771467b0be143182d57ef0979f68a7165fc253482e3f5a8

SHA512
7e8f3f1fb166664501074c09425eefe78f5b13d0e73e051d2644aded3d400a686d5526632832a5b059a945b1e56a2711b4fc08b248498b7fde077cffccb5e756

Download Submit
C:\Windows\Hacker.com.cn.exe

Filesize
743KB

MD5
77e9b43734e5243cd857fdc726b3bc6c

SHA1
7410470faa8149ec503f8c321c454cbd91537066

SHA256
bc8f0f434ca9dab32771467b0be143182d57ef0979f68a7165fc253482e3f5a8

SHA512
7e8f3f1fb166664501074c09425eefe78f5b13d0e73e051d2644aded3d400a686d5526632832a5b059a945b1e56a2711b4fc08b248498b7fde077cffccb5e756

Download Submit
memory/1704-4-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1704-7-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/1704-8-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1704-9-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/1704-13-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2204-0-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2204-6-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download