07177892c2c47e5827bf6504ad8b7047771674b164fa8a026b9250f831560cfe

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
31-10-2023 09:16

Target

gunzipped.exe
Size

445KB
MD5

d9742026719e39649e6bcf5a9966080b
SHA1

d637b4ac4a2e0a73b8b80c62943bbaec0dc2777e
SHA256

07177892c2c47e5827bf6504ad8b7047771674b164fa8a026b9250f831560cfe
SHA512

fce6de17d889e3cd9af2fcf3b3085719193272e023117c5e09ead3d0523114bc2c486408ec2067066753a9d67942a18a06c1457e5d132d9b0c51a2c105a6812d
SSDEEP

12288:LZoa52c6bFW2NU4vVKKzmN5ALp6jTB4rmbZ9+Q9IjN:dcbM2a4AN5AV6+rhqeN

Score

1^/10

Suspicious behavior: EnumeratesProcesses 6 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2248	gunzipped.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2644	2248	gunzipped.exe	29
PID 2248 wrote to memory of 2644	2248	gunzipped.exe	29
PID 2248 wrote to memory of 2644	2248	gunzipped.exe	29
PID 2248 wrote to memory of 2644	2248	gunzipped.exe	29
PID 2248 wrote to memory of 2972	2248	gunzipped.exe	30
PID 2248 wrote to memory of 2972	2248	gunzipped.exe	30
PID 2248 wrote to memory of 2972	2248	gunzipped.exe	30
PID 2248 wrote to memory of 2972	2248	gunzipped.exe	30
PID 2248 wrote to memory of 2752	2248	gunzipped.exe	31
PID 2248 wrote to memory of 2752	2248	gunzipped.exe	31
PID 2248 wrote to memory of 2752	2248	gunzipped.exe	31
PID 2248 wrote to memory of 2752	2248	gunzipped.exe	31
PID 2248 wrote to memory of 2756	2248	gunzipped.exe	32
PID 2248 wrote to memory of 2756	2248	gunzipped.exe	32
PID 2248 wrote to memory of 2756	2248	gunzipped.exe	32
PID 2248 wrote to memory of 2756	2248	gunzipped.exe	32
PID 2248 wrote to memory of 2816	2248	gunzipped.exe	33
PID 2248 wrote to memory of 2816	2248	gunzipped.exe	33
PID 2248 wrote to memory of 2816	2248	gunzipped.exe	33
PID 2248 wrote to memory of 2816	2248	gunzipped.exe	33

C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
"C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
  "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
  2⤵
  PID:2644
- C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
  "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
  2⤵
  PID:2972
- C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
  "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
  2⤵
  PID:2752
- C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
  "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
  2⤵
  PID:2756
- C:\Users\Admin\AppData\Local\Temp\gunzipped.exe
  "C:\Users\Admin\AppData\Local\Temp\gunzipped.exe"
  2⤵
  PID:2816

memory/2248-0-0x0000000000390000-0x0000000000406000-memory.dmp

Filesize
472KB

Download
memory/2248-1-0x0000000074260000-0x000000007494E000-memory.dmp

Filesize
6.9MB

Download
memory/2248-2-0x0000000004DC0000-0x0000000004E00000-memory.dmp

Filesize
256KB

Download
memory/2248-3-0x0000000000420000-0x0000000000430000-memory.dmp

Filesize
64KB

Download
memory/2248-4-0x0000000074260000-0x000000007494E000-memory.dmp

Filesize
6.9MB

Download
memory/2248-5-0x0000000004DC0000-0x0000000004E00000-memory.dmp

Filesize
256KB

Download
memory/2248-6-0x00000000005C0000-0x00000000005C6000-memory.dmp

Filesize
24KB

Download
memory/2248-7-0x00000000005D0000-0x00000000005DA000-memory.dmp

Filesize
40KB

Download
memory/2248-8-0x0000000004840000-0x000000000489A000-memory.dmp

Filesize
360KB

Download
memory/2248-9-0x0000000074260000-0x000000007494E000-memory.dmp

Filesize
6.9MB

Download