a393a7c0bcd606e0e4441cf58d1dab63b57e6cedb02fcc72a0a78d273e2b29b5

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
24/10/2023, 07:53

Target

LJl86VfF8Y8HwLL.exe
Size

656KB
MD5

4dabc7d8db7be86a8fa3afdbb9963025
SHA1

9084477d8ed0a2c4fa0d5a601e26309aa082ca44
SHA256

a393a7c0bcd606e0e4441cf58d1dab63b57e6cedb02fcc72a0a78d273e2b29b5
SHA512

d9d86085ce1c3951c4938c7523714350104744d5358dbec791bcb0aad2a9d9e4615ef5ed0032f280cd3e5c20a5dbd9974d413ff9d4586cc37f84d8b0d1e001c3
SSDEEP

12288:IDDJ92IWiN9ELwSEgSiWX06CIWcQ1rJvT8IjyASJihcbvvWKLB:s/e499SbxW06C3duAxOb+g

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2184	LJl86VfF8Y8HwLL.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2712	2184	LJl86VfF8Y8HwLL.exe	28
PID 2184 wrote to memory of 2712	2184	LJl86VfF8Y8HwLL.exe	28
PID 2184 wrote to memory of 2712	2184	LJl86VfF8Y8HwLL.exe	28
PID 2184 wrote to memory of 2712	2184	LJl86VfF8Y8HwLL.exe	28
PID 2184 wrote to memory of 2720	2184	LJl86VfF8Y8HwLL.exe	29
PID 2184 wrote to memory of 2720	2184	LJl86VfF8Y8HwLL.exe	29
PID 2184 wrote to memory of 2720	2184	LJl86VfF8Y8HwLL.exe	29
PID 2184 wrote to memory of 2720	2184	LJl86VfF8Y8HwLL.exe	29
PID 2184 wrote to memory of 2796	2184	LJl86VfF8Y8HwLL.exe	30
PID 2184 wrote to memory of 2796	2184	LJl86VfF8Y8HwLL.exe	30
PID 2184 wrote to memory of 2796	2184	LJl86VfF8Y8HwLL.exe	30
PID 2184 wrote to memory of 2796	2184	LJl86VfF8Y8HwLL.exe	30
PID 2184 wrote to memory of 2800	2184	LJl86VfF8Y8HwLL.exe	31
PID 2184 wrote to memory of 2800	2184	LJl86VfF8Y8HwLL.exe	31
PID 2184 wrote to memory of 2800	2184	LJl86VfF8Y8HwLL.exe	31
PID 2184 wrote to memory of 2800	2184	LJl86VfF8Y8HwLL.exe	31
PID 2184 wrote to memory of 2828	2184	LJl86VfF8Y8HwLL.exe	32
PID 2184 wrote to memory of 2828	2184	LJl86VfF8Y8HwLL.exe	32
PID 2184 wrote to memory of 2828	2184	LJl86VfF8Y8HwLL.exe	32
PID 2184 wrote to memory of 2828	2184	LJl86VfF8Y8HwLL.exe	32

C:\Users\Admin\AppData\Local\Temp\LJl86VfF8Y8HwLL.exe
"C:\Users\Admin\AppData\Local\Temp\LJl86VfF8Y8HwLL.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\LJl86VfF8Y8HwLL.exe
  "C:\Users\Admin\AppData\Local\Temp\LJl86VfF8Y8HwLL.exe"
  2⤵
  PID:2712
- C:\Users\Admin\AppData\Local\Temp\LJl86VfF8Y8HwLL.exe
  "C:\Users\Admin\AppData\Local\Temp\LJl86VfF8Y8HwLL.exe"
  2⤵
  PID:2720
- C:\Users\Admin\AppData\Local\Temp\LJl86VfF8Y8HwLL.exe
  "C:\Users\Admin\AppData\Local\Temp\LJl86VfF8Y8HwLL.exe"
  2⤵
  PID:2796
- C:\Users\Admin\AppData\Local\Temp\LJl86VfF8Y8HwLL.exe
  "C:\Users\Admin\AppData\Local\Temp\LJl86VfF8Y8HwLL.exe"
  2⤵
  PID:2800
- C:\Users\Admin\AppData\Local\Temp\LJl86VfF8Y8HwLL.exe
  "C:\Users\Admin\AppData\Local\Temp\LJl86VfF8Y8HwLL.exe"
  2⤵
  PID:2828

memory/2184-0-0x00000000003B0000-0x000000000045A000-memory.dmp

Filesize
680KB

Download
memory/2184-1-0x0000000074710000-0x0000000074DFE000-memory.dmp

Filesize
6.9MB

Download
memory/2184-2-0x0000000002100000-0x0000000002140000-memory.dmp

Filesize
256KB

Download
memory/2184-3-0x00000000002E0000-0x00000000002FE000-memory.dmp

Filesize
120KB

Download
memory/2184-4-0x0000000074710000-0x0000000074DFE000-memory.dmp

Filesize
6.9MB

Download
memory/2184-5-0x0000000002100000-0x0000000002140000-memory.dmp

Filesize
256KB

Download
memory/2184-6-0x00000000002C0000-0x00000000002CC000-memory.dmp

Filesize
48KB

Download
memory/2184-7-0x0000000000300000-0x0000000000310000-memory.dmp

Filesize
64KB

Download
memory/2184-8-0x0000000005760000-0x00000000057DC000-memory.dmp

Filesize
496KB

Download
memory/2184-9-0x0000000074710000-0x0000000074DFE000-memory.dmp

Filesize
6.9MB

Download