Analysis

max time kernel:  139s
max time network: 154s
platform:         windows10-2004_x64
resource:         win10v2004-20230831-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20230831-en, locale:en-us, os:windows10-2004-x64, system
submitted:        05/09/2023, 16:05
Behavioral task: behavioral1
  Sample:     x5rcnYdSS63I.exe
  Resource:   win7-20230831-en
  Signatures: 2
  Duration:   150 seconds

Behavioral task: behavioral2
  Sample:     x5rcnYdSS63I.exe
  Resource:   win10v2004-20230831-en
  Signatures: 2
  Duration:   150 seconds
General

Target: x5rcnYdSS63I.exe
Size:   32KB
MD5:    7377cd7083dd08f6c896069b6e235525
SHA1:   3dd5b7405fdc95686a8aaf1fbb60b37f9f6482c0
SHA256: 37a9de85c77b7c0bcf5e7147ec294a3bb9158aff6a5b2aca6e98b11d33c4ae75
SHA512: b14fa6d7dfdfc5645d65dab251a144196e2f929db756d27e344a7e4c7d40efc03f83dd8a3350d4d11d0debabb15c922a07e06d42958df4f6c5115de6bf1d6065
SSDEEP: 384:f0bUe5XB4e0XfOZeANuiEO0YaBWTatTUFQqzFSObb8:UT9Bu2IguiEYqgb8

Score: 1/10
Malware Config

(none extracted)

Signatures

Suspicious use of AdjustPrivilegeToken (11 IoCs)

  description                            pid   Process
  Token: SeDebugPrivilege                3136  x5rcnYdSS63I.exe
  Token: 33                              3136  x5rcnYdSS63I.exe
  Token: SeIncBasePriorityPrivilege      3136  x5rcnYdSS63I.exe
  Token: 33                              3136  x5rcnYdSS63I.exe
  Token: SeIncBasePriorityPrivilege      3136  x5rcnYdSS63I.exe
  Token: 33                              3136  x5rcnYdSS63I.exe
  Token: SeIncBasePriorityPrivilege      3136  x5rcnYdSS63I.exe
  Token: 33                              3136  x5rcnYdSS63I.exe
  Token: SeIncBasePriorityPrivilege      3136  x5rcnYdSS63I.exe
  Token: 33                              3136  x5rcnYdSS63I.exe
  Token: SeIncBasePriorityPrivilege      3136  x5rcnYdSS63I.exe

Suspicious use of WriteProcessMemory (3 IoCs)

  description                       pid   Process           procid_target
  PID 3136 wrote to memory of 3080  3136  x5rcnYdSS63I.exe  87
  PID 3136 wrote to memory of 3080  3136  x5rcnYdSS63I.exe  87
  PID 3136 wrote to memory of 3080  3136  x5rcnYdSS63I.exe  87
Processes

1. C:\Users\Admin\AppData\Local\Temp\x5rcnYdSS63I.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\x5rcnYdSS63I.exe"
   PID: 3136
   Signatures:
     - Suspicious use of AdjustPrivilegeToken
     - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\cmd.exe (child of PID 3136)
      Command line: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\x5rcnYdSS63I.exe"
      PID: 3080