277c015ddf75749d61703e63054c94dbbccc64dae3b39589c784f0b574ec24f5

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13-10-2023 14:39

Target

INV01283946.exe
Size

1.2MB
MD5

0bee25277cdcb2b13c854019c96e2703
SHA1

267e15b03bab1b2c26e8b500472c91fdc42aff5a
SHA256

393ad633aa2e88f596d747a007ab75fe7a3e71227d2b4281ad1b32ce7fea0ced
SHA512

e88b00aa6dc9c047089ab0c8c023e6c2f9a11ef962667fd4827ffe8ae77bf39e8157bbbc3b70bbfe71ed819b53dd2c4eee7669cc15575d48e999f02ba7fbebd9
SSDEEP

12288:TFwDO8KRWR9e13djSa/K5VcYzy8CXPT/cl7fBKHnvOOIVf:Zwi8VRItjSaygOdcC7fBojYf

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1724	INV01283946.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2696	1724	INV01283946.exe	30
PID 1724 wrote to memory of 2696	1724	INV01283946.exe	30
PID 1724 wrote to memory of 2696	1724	INV01283946.exe	30
PID 1724 wrote to memory of 2696	1724	INV01283946.exe	30
PID 1724 wrote to memory of 2700	1724	INV01283946.exe	31
PID 1724 wrote to memory of 2700	1724	INV01283946.exe	31
PID 1724 wrote to memory of 2700	1724	INV01283946.exe	31
PID 1724 wrote to memory of 2700	1724	INV01283946.exe	31
PID 1724 wrote to memory of 2644	1724	INV01283946.exe	32
PID 1724 wrote to memory of 2644	1724	INV01283946.exe	32
PID 1724 wrote to memory of 2644	1724	INV01283946.exe	32
PID 1724 wrote to memory of 2644	1724	INV01283946.exe	32
PID 1724 wrote to memory of 2716	1724	INV01283946.exe	33
PID 1724 wrote to memory of 2716	1724	INV01283946.exe	33
PID 1724 wrote to memory of 2716	1724	INV01283946.exe	33
PID 1724 wrote to memory of 2716	1724	INV01283946.exe	33
PID 1724 wrote to memory of 364	1724	INV01283946.exe	34
PID 1724 wrote to memory of 364	1724	INV01283946.exe	34
PID 1724 wrote to memory of 364	1724	INV01283946.exe	34
PID 1724 wrote to memory of 364	1724	INV01283946.exe	34

C:\Users\Admin\AppData\Local\Temp\INV01283946.exe
"C:\Users\Admin\AppData\Local\Temp\INV01283946.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Users\Admin\AppData\Local\Temp\INV01283946.exe
  "C:\Users\Admin\AppData\Local\Temp\INV01283946.exe"
  2⤵
  PID:2696
- C:\Users\Admin\AppData\Local\Temp\INV01283946.exe
  "C:\Users\Admin\AppData\Local\Temp\INV01283946.exe"
  2⤵
  PID:2700
- C:\Users\Admin\AppData\Local\Temp\INV01283946.exe
  "C:\Users\Admin\AppData\Local\Temp\INV01283946.exe"
  2⤵
  PID:2644
- C:\Users\Admin\AppData\Local\Temp\INV01283946.exe
  "C:\Users\Admin\AppData\Local\Temp\INV01283946.exe"
  2⤵
  PID:2716
- C:\Users\Admin\AppData\Local\Temp\INV01283946.exe
  "C:\Users\Admin\AppData\Local\Temp\INV01283946.exe"
  2⤵
  PID:364

memory/1724-0-0x0000000074560000-0x0000000074C4E000-memory.dmp

Filesize
6.9MB

Download
memory/1724-1-0x0000000000350000-0x000000000047C000-memory.dmp

Filesize
1.2MB

Download
memory/1724-2-0x0000000004D10000-0x0000000004D50000-memory.dmp

Filesize
256KB

Download
memory/1724-3-0x0000000074560000-0x0000000074C4E000-memory.dmp

Filesize
6.9MB

Download
memory/1724-4-0x0000000000310000-0x000000000032C000-memory.dmp

Filesize
112KB

Download
memory/1724-5-0x0000000004D10000-0x0000000004D50000-memory.dmp

Filesize
256KB

Download
memory/1724-6-0x0000000000330000-0x0000000000340000-memory.dmp

Filesize
64KB

Download
memory/1724-7-0x0000000005E50000-0x0000000005EBA000-memory.dmp

Filesize
424KB

Download
memory/1724-8-0x0000000074560000-0x0000000074C4E000-memory.dmp

Filesize
6.9MB

Download