6b73ab2cf730e26c8609e57d23e09260d6c74db84f29ae6f786129f7a3b6512b

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
19-09-2023 10:38

Target

tmp.exe
Size

710KB
MD5

493562fc3240d634f797be4a433d72c7
SHA1

92569595aa0a20d9937bd03525a756dd35059d3b
SHA256

6b73ab2cf730e26c8609e57d23e09260d6c74db84f29ae6f786129f7a3b6512b
SHA512

70eb16d06d38d80cc4513962f6fbdeda54e6ec2bc30caa9fb112d3cd355b12c088426c823d3d4a3e315209b3fc908c0339e9cdc8de99462e87eba311f4801a75
SSDEEP

12288:406gna2iNP1UIkvEbtOgVt3KB6bxxXRZEG/p8fD5mcjtqlg6utz5l96OXaq:XTa1F14ot1aIxxAop+mc0g6MNa

Score

1^/10

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

tmp.exe

pid process

2200 tmp.exe
2200 tmp.exe
2200 tmp.exe
2200 tmp.exe
2200 tmp.exe
2200 tmp.exe
2200 tmp.exe
2200 tmp.exe
2200 tmp.exe
2200 tmp.exe
2200 tmp.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

tmp.exe

description pid process

Token: SeDebugPrivilege 2200 tmp.exe

description	pid	process
Token: SeDebugPrivilege	2200	tmp.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 2200 wrote to memory of 1972	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 1972	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 1972	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 1972	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2968	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2968	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2968	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2968	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2608	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2608	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2608	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2608	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2800	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2800	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2800	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2800	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2784	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2784	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2784	2200	tmp.exe	tmp.exe
PID 2200 wrote to memory of 2784	2200	tmp.exe	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  2⤵
  PID:1972
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  2⤵
  PID:2968
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  2⤵
  PID:2608
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  2⤵
  PID:2800
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  2⤵
  PID:2784

memory/2200-0-0x0000000000390000-0x0000000000448000-memory.dmp

Filesize
736KB

Download
memory/2200-1-0x00000000746B0000-0x0000000074D9E000-memory.dmp

Filesize
6.9MB

Download
memory/2200-2-0x0000000002100000-0x0000000002140000-memory.dmp

Filesize
256KB

Download
memory/2200-3-0x0000000000460000-0x0000000000478000-memory.dmp

Filesize
96KB

Download
memory/2200-4-0x00000000746B0000-0x0000000074D9E000-memory.dmp

Filesize
6.9MB

Download
memory/2200-5-0x0000000002100000-0x0000000002140000-memory.dmp

Filesize
256KB

Download
memory/2200-6-0x0000000000380000-0x000000000038A000-memory.dmp

Filesize
40KB

Download
memory/2200-7-0x0000000005E30000-0x0000000005E9E000-memory.dmp

Filesize
440KB

Download
memory/2200-8-0x00000000746B0000-0x0000000074D9E000-memory.dmp

Filesize
6.9MB

Download