db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231130-en
resource tags

arch:x64arch:x86image:win7-20231130-enlocale:en-usos:windows7-x64system
submitted
07-12-2023 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
Size

2.1MB
MD5

3e6d723d92d5ed87e3e7b380d8e8307e
SHA1

70e7e2662d5d02dcce846a04499de49ad868817e
SHA256

db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c
SHA512

f4b6b2c74691043bbb552508a29bd0c14ad004a4606e0814c9fb15c28f51feb4575ce3e81dbec2bdfa6cb0b0b79f4cb88bd30bc969b52bd749769754bb6cbcdc
SSDEEP

49152:jh/lHKoueda5jRM97lqpcr3W7+MpvskY1aNAEn3+:OolWiHEnu

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2660	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	28
PID 2220 wrote to memory of 2660	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	28
PID 2220 wrote to memory of 2660	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	28
PID 2220 wrote to memory of 2660	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	28
PID 2220 wrote to memory of 2664	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	29
PID 2220 wrote to memory of 2664	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	29
PID 2220 wrote to memory of 2664	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	29
PID 2220 wrote to memory of 2664	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	29
PID 2220 wrote to memory of 2676	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	30
PID 2220 wrote to memory of 2676	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	30
PID 2220 wrote to memory of 2676	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	30
PID 2220 wrote to memory of 2676	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	30
PID 2220 wrote to memory of 2696	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	31
PID 2220 wrote to memory of 2696	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	31
PID 2220 wrote to memory of 2696	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	31
PID 2220 wrote to memory of 2696	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	31
PID 2220 wrote to memory of 2612	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	32
PID 2220 wrote to memory of 2612	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	32
PID 2220 wrote to memory of 2612	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	32
PID 2220 wrote to memory of 2612	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	32
PID 2220 wrote to memory of 2852	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	33
PID 2220 wrote to memory of 2852	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	33
PID 2220 wrote to memory of 2852	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	33
PID 2220 wrote to memory of 2852	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	33
PID 2220 wrote to memory of 2704	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	34
PID 2220 wrote to memory of 2704	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	34
PID 2220 wrote to memory of 2704	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	34
PID 2220 wrote to memory of 2704	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	34
PID 2220 wrote to memory of 2856	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	35
PID 2220 wrote to memory of 2856	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	35
PID 2220 wrote to memory of 2856	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	35
PID 2220 wrote to memory of 2856	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	35
PID 2220 wrote to memory of 2584	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	36
PID 2220 wrote to memory of 2584	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	36
PID 2220 wrote to memory of 2584	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	36
PID 2220 wrote to memory of 2584	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	36
PID 2220 wrote to memory of 2708	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	37
PID 2220 wrote to memory of 2708	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	37
PID 2220 wrote to memory of 2708	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	37
PID 2220 wrote to memory of 2708	2220	db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe	37

C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
"C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  2⤵
  PID:2660
- C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  2⤵
  PID:2664
- C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  2⤵
  PID:2676
- C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  2⤵
  PID:2696
- C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  2⤵
  PID:2612
- C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  2⤵
  PID:2852
- C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  2⤵
  PID:2704
- C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  2⤵
  PID:2856
- C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  2⤵
  PID:2584
- C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  C:\Users\Admin\AppData\Local\Temp\db2a204d6286ccff77412f38fcb2233480283faf9a7e33efae6aa15a26b1539c.exe
  2⤵
  PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2220-1-0x0000000073EE0000-0x00000000745CE000-memory.dmp

Filesize
6.9MB

Download
memory/2220-0-0x0000000000200000-0x0000000000416000-memory.dmp

Filesize
2.1MB

Download
memory/2220-4-0x0000000000A90000-0x0000000000AD0000-memory.dmp

Filesize
256KB

Download
memory/2220-3-0x00000000045B0000-0x00000000045F0000-memory.dmp

Filesize
256KB

Download
memory/2220-2-0x0000000002070000-0x00000000020C8000-memory.dmp

Filesize
352KB

Download
memory/2220-5-0x00000000020D0000-0x0000000002110000-memory.dmp

Filesize
256KB

Download
memory/2220-6-0x0000000002310000-0x000000000235C000-memory.dmp

Filesize
304KB

Download
memory/2220-7-0x0000000073EE0000-0x00000000745CE000-memory.dmp

Filesize
6.9MB

Download
memory/2220-8-0x00000000045B0000-0x00000000045F0000-memory.dmp

Filesize
256KB

Download
memory/2220-9-0x0000000073EE0000-0x00000000745CE000-memory.dmp

Filesize
6.9MB

Download