Analysis
  max time kernel: 118s
  max time network: 122s
  platform: windows7_x64
  resource: win7-20230831-en
  resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  submitted: 05/09/2023, 16:05
Behavioral task: behavioral1
  Sample: x5rcnYdSS63I.exe
  Resource: win7-20230831-en
  2 signatures, 150 seconds

Behavioral task: behavioral2
  Sample: x5rcnYdSS63I.exe
  Resource: win10v2004-20230831-en
  2 signatures, 150 seconds
General
  Target: x5rcnYdSS63I.exe
  Size: 32KB
  MD5: 7377cd7083dd08f6c896069b6e235525
  SHA1: 3dd5b7405fdc95686a8aaf1fbb60b37f9f6482c0
  SHA256: 37a9de85c77b7c0bcf5e7147ec294a3bb9158aff6a5b2aca6e98b11d33c4ae75
  SHA512: b14fa6d7dfdfc5645d65dab251a144196e2f929db756d27e344a7e4c7d40efc03f83dd8a3350d4d11d0debabb15c922a07e06d42958df4f6c5115de6bf1d6065
  SSDEEP: 384:f0bUe5XB4e0XfOZeANuiEO0YaBWTatTUFQqzFSObb8:UT9Bu2IguiEYqgb8
  Score: 1/10
Malware Config
  (none)

Signatures

Suspicious use of AdjustPrivilegeToken (11 IoCs)
  description                        pid  Process
  Token: SeDebugPrivilege            868  x5rcnYdSS63I.exe
  Token: 33                          868  x5rcnYdSS63I.exe
  Token: SeIncBasePriorityPrivilege  868  x5rcnYdSS63I.exe
  Token: 33                          868  x5rcnYdSS63I.exe
  Token: SeIncBasePriorityPrivilege  868  x5rcnYdSS63I.exe
  Token: 33                          868  x5rcnYdSS63I.exe
  Token: SeIncBasePriorityPrivilege  868  x5rcnYdSS63I.exe
  Token: 33                          868  x5rcnYdSS63I.exe
  Token: SeIncBasePriorityPrivilege  868  x5rcnYdSS63I.exe
  Token: 33                          868  x5rcnYdSS63I.exe
  Token: SeIncBasePriorityPrivilege  868  x5rcnYdSS63I.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                      pid  Process           procid_target
  PID 868 wrote to memory of 2088  868  x5rcnYdSS63I.exe  31
  PID 868 wrote to memory of 2088  868  x5rcnYdSS63I.exe  31
  PID 868 wrote to memory of 2088  868  x5rcnYdSS63I.exe  31
  PID 868 wrote to memory of 2088  868  x5rcnYdSS63I.exe  31
Processes
  C:\Users\Admin\AppData\Local\Temp\x5rcnYdSS63I.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\x5rcnYdSS63I.exe"
    PID: 868
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\cmd.exe
      Command line: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\x5rcnYdSS63I.exe"
      PID: 2088