c88aeb0fb3b2e793a08caf2c040c24e1f5b6eddec61c22b484862d4428a0af03

Analysis

max time kernel
202s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
24/11/2023, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TokenBroker.exe
Size

450KB
MD5

62adf1c05748656fce6bbb99a4e0d517
SHA1

ff2dcb97c76aab26334fe031c3a0e7c0e4b94f25
SHA256

c88aeb0fb3b2e793a08caf2c040c24e1f5b6eddec61c22b484862d4428a0af03
SHA512

6f92de67a16081ec9954b44821cd06ea1facf7877196413ff76c028bf359a8ab486b34a82da74b20364524b0bdbc4949e0197fce14e7f4e7776b794d6ae98a9a
SSDEEP

12288:SAzy+91FLh+moqhjdzADZMdTy+mevAKuBsEYYYNxnz:SAzy+H/jdzyZStf9uEZz

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2056	1936	TokenBroker.exe	28
PID 1936 wrote to memory of 2056	1936	TokenBroker.exe	28
PID 1936 wrote to memory of 2056	1936	TokenBroker.exe	28
PID 2056 wrote to memory of 2052	2056	TokenBroker.exe	29
PID 2056 wrote to memory of 2052	2056	TokenBroker.exe	29
PID 2056 wrote to memory of 2052	2056	TokenBroker.exe	29
PID 2052 wrote to memory of 2036	2052	TokenBroker.exe	30
PID 2052 wrote to memory of 2036	2052	TokenBroker.exe	30
PID 2052 wrote to memory of 2036	2052	TokenBroker.exe	30
PID 2036 wrote to memory of 3004	2036	TokenBroker.exe	31
PID 2036 wrote to memory of 3004	2036	TokenBroker.exe	31
PID 2036 wrote to memory of 3004	2036	TokenBroker.exe	31
PID 3004 wrote to memory of 1740	3004	TokenBroker.exe	32
PID 3004 wrote to memory of 1740	3004	TokenBroker.exe	32
PID 3004 wrote to memory of 1740	3004	TokenBroker.exe	32
PID 1740 wrote to memory of 2444	1740	TokenBroker.exe	33
PID 1740 wrote to memory of 2444	1740	TokenBroker.exe	33
PID 1740 wrote to memory of 2444	1740	TokenBroker.exe	33
PID 2444 wrote to memory of 2344	2444	TokenBroker.exe	34
PID 2444 wrote to memory of 2344	2444	TokenBroker.exe	34
PID 2444 wrote to memory of 2344	2444	TokenBroker.exe	34
PID 2344 wrote to memory of 2708	2344	TokenBroker.exe	35
PID 2344 wrote to memory of 2708	2344	TokenBroker.exe	35
PID 2344 wrote to memory of 2708	2344	TokenBroker.exe	35
PID 2708 wrote to memory of 2852	2708	TokenBroker.exe	36
PID 2708 wrote to memory of 2852	2708	TokenBroker.exe	36
PID 2708 wrote to memory of 2852	2708	TokenBroker.exe	36
PID 2852 wrote to memory of 2736	2852	TokenBroker.exe	37
PID 2852 wrote to memory of 2736	2852	TokenBroker.exe	37
PID 2852 wrote to memory of 2736	2852	TokenBroker.exe	37

C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
"C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
  C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe 1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2056
- - C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
    C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
      C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe 1
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
        
        C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
        
        C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe 1
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
        
        C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
        
        C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe 1
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
        
        C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
        9⤵
        Suspicious use of WriteProcessMemory
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
        
        C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe 1
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
        
        C:\Users\Admin\AppData\Local\Temp\TokenBroker.exe
        11⤵
        
        PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-4-0x000000013FC60000-0x000000013FCE0000-memory.dmp

Filesize
512KB

Download
memory/1936-1-0x000000013FC60000-0x000000013FCE0000-memory.dmp

Filesize
512KB

Download
memory/2036-2-0x000000013FC60000-0x000000013FCE0000-memory.dmp

Filesize
512KB

Download
memory/2052-3-0x000000013FC60000-0x000000013FCE0000-memory.dmp

Filesize
512KB

Download
memory/2056-0-0x000000013FC60000-0x000000013FCE0000-memory.dmp

Filesize
512KB

Download
memory/2344-6-0x000000013FC60000-0x000000013FCE0000-memory.dmp

Filesize
512KB

Download
memory/2444-7-0x000000013FC60000-0x000000013FCE0000-memory.dmp

Filesize
512KB

Download
memory/2708-9-0x000000013FC60000-0x000000013FCE0000-memory.dmp

Filesize
512KB

Download
memory/2736-10-0x000000013FC60000-0x000000013FCE0000-memory.dmp

Filesize
512KB

Download
memory/2852-8-0x000000013FC60000-0x000000013FCE0000-memory.dmp

Filesize
512KB

Download
memory/3004-5-0x000000013FC60000-0x000000013FCE0000-memory.dmp

Filesize
512KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads