Analysis
max time kernel: 156s
max time network: 173s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-10-2023 02:02
Static task: static1
Behavioral task: behavioral1
Sample: c5f636cde3595b799b852ce27a9f939df75a9637907c0859120cfcc9250db0a9.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: c5f636cde3595b799b852ce27a9f939df75a9637907c0859120cfcc9250db0a9.exe
Resource: win10v2004-20230915-en
General
Target: c5f636cde3595b799b852ce27a9f939df75a9637907c0859120cfcc9250db0a9.exe
Size: 3.5MB
MD5: 320ef70127560637edb65f5ca1aa46c9
SHA1: c27c272e9385e675659600c2abdf2377b1144a39
SHA256: c5f636cde3595b799b852ce27a9f939df75a9637907c0859120cfcc9250db0a9
SHA512: 3d728e6c556aa95a16e6bff4acf658ffd3a9ae267d1486908fb22491abaca65cfe723054a5b1b93d1762217e030523c2d97dec3b0b2e64a2285c3c5cf035ee39
SSDEEP: 24576:QyGbP5poyteopecGJQUuTvzjPJjTPs64/Ac1cTniRkZqESyPlhKJKToRW+jJzn3c:Qvp465Tc3Rk1QRuLn0Znvyf0hIbobxo3
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid: 1124, Process: c5f636cde3595b799b852ce27a9f939df75a9637907c0859120cfcc9250db0a9.exe
pid: 1124, Process: c5f636cde3595b799b852ce27a9f939df75a9637907c0859120cfcc9250db0a9.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description: Token: SeDebugPrivilege, pid: 1124, Process: c5f636cde3595b799b852ce27a9f939df75a9637907c0859120cfcc9250db0a9.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
pid: 1124, Process: c5f636cde3595b799b852ce27a9f939df75a9637907c0859120cfcc9250db0a9.exe
pid: 1124, Process: c5f636cde3595b799b852ce27a9f939df75a9637907c0859120cfcc9250db0a9.exe
Processes
C:\Users\Admin\AppData\Local\Temp\c5f636cde3595b799b852ce27a9f939df75a9637907c0859120cfcc9250db0a9.exe
"C:\Users\Admin\AppData\Local\Temp\c5f636cde3595b799b852ce27a9f939df75a9637907c0859120cfcc9250db0a9.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID: 1124