c2c3665fcc34cfb52d73b9b5c28f04b3ce1c0d585dceb614d3759626d1326631

Analysis

max time kernel
590s
max time network
615s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2023 15:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

123.exe
Size

4.1MB
MD5

1940141f673cf5536ff354391ff0f05f
SHA1

17e1c27edb8a1c0414db9ed4a1191a362f1b9d6f
SHA256

c2c3665fcc34cfb52d73b9b5c28f04b3ce1c0d585dceb614d3759626d1326631
SHA512

c9b9e42443c7fb773291e17e81a76fa1737134ee123d4666b259178b2c28e726493656d9920990e888e11cd969bc79f6336bdc6894d8ff33d9d756d1d6fbfc78
SSDEEP

98304:MGAavs46NdN7YJhb1l3dL1NzpOnnhgdTZmaZ9kYNX9AHD8YgDCyi1cQJXu25+Z2X:MG3vUhYJTl3d5NVOnhgdTZlZ9kYNX9CN

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2064 set thread context of 3784	2064	123.exe	93

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2064	123.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 3784	2064	123.exe	93
PID 2064 wrote to memory of 3784	2064	123.exe	93
PID 2064 wrote to memory of 3784	2064	123.exe	93
PID 2064 wrote to memory of 3784	2064	123.exe	93
PID 2064 wrote to memory of 3784	2064	123.exe	93
PID 2064 wrote to memory of 3784	2064	123.exe	93

C:\Users\Admin\AppData\Local\Temp\123.exe
"C:\Users\Admin\AppData\Local\Temp\123.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Users\Admin\AppData\Local\Temp\123.exe
  C:\Users\Admin\AppData\Local\Temp\123.exe
  2⤵
  PID:3784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2064-9-0x00007FF8442B0000-0x00007FF844D71000-memory.dmp

Filesize
10.8MB

Download
memory/2064-1-0x00007FF8442B0000-0x00007FF844D71000-memory.dmp

Filesize
10.8MB

Download
memory/2064-2-0x0000022078010000-0x0000022078020000-memory.dmp

Filesize
64KB

Download
memory/2064-3-0x0000022077E80000-0x0000022077F8E000-memory.dmp

Filesize
1.1MB

Download
memory/2064-4-0x0000022078440000-0x0000022078536000-memory.dmp

Filesize
984KB

Download
memory/2064-5-0x0000022078020000-0x0000022078116000-memory.dmp

Filesize
984KB

Download
memory/2064-6-0x0000022078120000-0x000002207816C000-memory.dmp

Filesize
304KB

Download
memory/2064-0-0x0000022075580000-0x00000220759AA000-memory.dmp

Filesize
4.2MB

Download
memory/3784-36-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-30-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-11-0x0000014DDFAD0000-0x0000014DDFAE0000-memory.dmp

Filesize
64KB

Download
memory/3784-12-0x0000014DDF960000-0x0000014DDFA68000-memory.dmp

Filesize
1.0MB

Download
memory/3784-13-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-14-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-16-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-18-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-20-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-22-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-24-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-26-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-28-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-32-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-7-0x0000000140000000-0x00000001400D0000-memory.dmp

Filesize
832KB

Download
memory/3784-42-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-40-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-38-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-34-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-10-0x00007FF8442B0000-0x00007FF844D71000-memory.dmp

Filesize
10.8MB

Download
memory/3784-44-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-46-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-48-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-50-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-52-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-58-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-56-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-60-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-62-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-64-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-54-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-66-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-68-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-70-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-72-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-74-0x0000014DDF960000-0x0000014DDFA63000-memory.dmp

Filesize
1.0MB

Download
memory/3784-2201-0x0000014DDFAE0000-0x0000014DDFB7E000-memory.dmp

Filesize
632KB

Download
memory/3784-2202-0x00007FF8442B0000-0x00007FF844D71000-memory.dmp

Filesize
10.8MB

Download
memory/3784-2203-0x0000014DDFAD0000-0x0000014DDFAE0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads