70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
Size

1.9MB
MD5

534e8c1d3d71f8736793b80048c3dbdd
SHA1

d651b9cf8a717609656f13183ac1c9128e5c9105
SHA256

70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade
SHA512

3816f5c4bc1f0bb3466ec59257ab98914c3b0f3348942d01e8ab661cc071a89f2e4eb943ecd467f0710cb0fbf3a04e008a43d6a9277e725f97dec798abad2fc5
SSDEEP

24576:eGgZShKmrSYSvcrWgzZTqZ8u+gJHE3nY0AdxPQaXm7sqUF0MU8GO0bb:ee+eWghqbEGdxPRWQqy0MU8GPb

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2072	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	28
PID 1968 wrote to memory of 2072	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	28
PID 1968 wrote to memory of 2072	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	28
PID 1968 wrote to memory of 2072	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	28
PID 1968 wrote to memory of 2848	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	29
PID 1968 wrote to memory of 2848	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	29
PID 1968 wrote to memory of 2848	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	29
PID 1968 wrote to memory of 2848	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	29
PID 1968 wrote to memory of 2304	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	30
PID 1968 wrote to memory of 2304	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	30
PID 1968 wrote to memory of 2304	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	30
PID 1968 wrote to memory of 2304	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	30
PID 1968 wrote to memory of 2208	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	31
PID 1968 wrote to memory of 2208	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	31
PID 1968 wrote to memory of 2208	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	31
PID 1968 wrote to memory of 2208	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	31
PID 1968 wrote to memory of 1396	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	32
PID 1968 wrote to memory of 1396	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	32
PID 1968 wrote to memory of 1396	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	32
PID 1968 wrote to memory of 1396	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	32
PID 1968 wrote to memory of 2324	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	33
PID 1968 wrote to memory of 2324	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	33
PID 1968 wrote to memory of 2324	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	33
PID 1968 wrote to memory of 2324	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	33
PID 1968 wrote to memory of 2312	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	34
PID 1968 wrote to memory of 2312	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	34
PID 1968 wrote to memory of 2312	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	34
PID 1968 wrote to memory of 2312	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	34
PID 1968 wrote to memory of 2632	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	35
PID 1968 wrote to memory of 2632	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	35
PID 1968 wrote to memory of 2632	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	35
PID 1968 wrote to memory of 2632	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	35
PID 1968 wrote to memory of 2640	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	36
PID 1968 wrote to memory of 2640	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	36
PID 1968 wrote to memory of 2640	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	36
PID 1968 wrote to memory of 2640	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	36
PID 1968 wrote to memory of 2700	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	37
PID 1968 wrote to memory of 2700	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	37
PID 1968 wrote to memory of 2700	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	37
PID 1968 wrote to memory of 2700	1968	70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe	37

C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
"C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  2⤵
  PID:2072
- C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  2⤵
  PID:2848
- C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  2⤵
  PID:2304
- C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  2⤵
  PID:2208
- C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  2⤵
  PID:1396
- C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  2⤵
  PID:2324
- C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  2⤵
  PID:2312
- C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  2⤵
  PID:2632
- C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  2⤵
  PID:2640
- C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  C:\Users\Admin\AppData\Local\Temp\70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade_JC.exe
  2⤵
  PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1968-1-0x0000000074710000-0x0000000074DFE000-memory.dmp

Filesize
6.9MB

Download
memory/1968-0-0x0000000000230000-0x000000000041A000-memory.dmp

Filesize
1.9MB

Download
memory/1968-2-0x00000000007C0000-0x0000000000800000-memory.dmp

Filesize
256KB

Download
memory/1968-3-0x0000000000720000-0x000000000079C000-memory.dmp

Filesize
496KB

Download
memory/1968-4-0x00000000009C0000-0x0000000000A38000-memory.dmp

Filesize
480KB

Download
memory/1968-5-0x00000000022A0000-0x0000000002308000-memory.dmp

Filesize
416KB

Download
memory/1968-6-0x0000000004640000-0x000000000468C000-memory.dmp

Filesize
304KB

Download
memory/1968-7-0x0000000074710000-0x0000000074DFE000-memory.dmp

Filesize
6.9MB

Download