8d0b0169b48d4a7e1d642a24401538a08f6214a0acb9fd9819c923082a60c557

Analysis

max time kernel
106s
max time network
35s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 15:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8d0b0169b48d4a7e1d642a24401538a08f6214a0acb9fd9819c923082a60c557_JC.exe
Size

3.3MB
MD5

810964c02876ba8d7e948df10103bec7
SHA1

2530fecca562e97ee87269c0c23ade8409816261
SHA256

8d0b0169b48d4a7e1d642a24401538a08f6214a0acb9fd9819c923082a60c557
SHA512

27400ae46eb7d14fcfce395f249d31e8b2012716b03457dcbf91e9a6e92b94ac147ba69af9227a1150340ac8d2a9cbfa8726444e90fa47cc5ca4c453069f4718
SSDEEP

49152:XX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QV:XlRsZ47/QXoHUOfAoj1x6V

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2736	8d0b0169b48d4a7e1d642a24401538a08f6214a0acb9fd9819c923082a60c557_JC.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2120	wmic.exe
Token: SeSecurityPrivilege	2120	wmic.exe
Token: SeTakeOwnershipPrivilege	2120	wmic.exe
Token: SeLoadDriverPrivilege	2120	wmic.exe
Token: SeSystemProfilePrivilege	2120	wmic.exe
Token: SeSystemtimePrivilege	2120	wmic.exe
Token: SeProfSingleProcessPrivilege	2120	wmic.exe
Token: SeIncBasePriorityPrivilege	2120	wmic.exe
Token: SeCreatePagefilePrivilege	2120	wmic.exe
Token: SeBackupPrivilege	2120	wmic.exe
Token: SeRestorePrivilege	2120	wmic.exe
Token: SeShutdownPrivilege	2120	wmic.exe
Token: SeDebugPrivilege	2120	wmic.exe
Token: SeSystemEnvironmentPrivilege	2120	wmic.exe
Token: SeRemoteShutdownPrivilege	2120	wmic.exe
Token: SeUndockPrivilege	2120	wmic.exe
Token: SeManageVolumePrivilege	2120	wmic.exe
Token: 33	2120	wmic.exe
Token: 34	2120	wmic.exe
Token: 35	2120	wmic.exe
Token: SeIncreaseQuotaPrivilege	2120	wmic.exe
Token: SeSecurityPrivilege	2120	wmic.exe
Token: SeTakeOwnershipPrivilege	2120	wmic.exe
Token: SeLoadDriverPrivilege	2120	wmic.exe
Token: SeSystemProfilePrivilege	2120	wmic.exe
Token: SeSystemtimePrivilege	2120	wmic.exe
Token: SeProfSingleProcessPrivilege	2120	wmic.exe
Token: SeIncBasePriorityPrivilege	2120	wmic.exe
Token: SeCreatePagefilePrivilege	2120	wmic.exe
Token: SeBackupPrivilege	2120	wmic.exe
Token: SeRestorePrivilege	2120	wmic.exe
Token: SeShutdownPrivilege	2120	wmic.exe
Token: SeDebugPrivilege	2120	wmic.exe
Token: SeSystemEnvironmentPrivilege	2120	wmic.exe
Token: SeRemoteShutdownPrivilege	2120	wmic.exe
Token: SeUndockPrivilege	2120	wmic.exe
Token: SeManageVolumePrivilege	2120	wmic.exe
Token: 33	2120	wmic.exe
Token: 34	2120	wmic.exe
Token: 35	2120	wmic.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 2120	2736	8d0b0169b48d4a7e1d642a24401538a08f6214a0acb9fd9819c923082a60c557_JC.exe	29
PID 2736 wrote to memory of 2120	2736	8d0b0169b48d4a7e1d642a24401538a08f6214a0acb9fd9819c923082a60c557_JC.exe	29
PID 2736 wrote to memory of 2120	2736	8d0b0169b48d4a7e1d642a24401538a08f6214a0acb9fd9819c923082a60c557_JC.exe	29

C:\Users\Admin\AppData\Local\Temp\8d0b0169b48d4a7e1d642a24401538a08f6214a0acb9fd9819c923082a60c557_JC.exe
"C:\Users\Admin\AppData\Local\Temp\8d0b0169b48d4a7e1d642a24401538a08f6214a0acb9fd9819c923082a60c557_JC.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Windows\system32\wbem\wmic.exe
  wmic os get oslanguage /FORMAT:LIST
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2120

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads