1b126e2fb116a33fa5831da41c224e4c1213fb7af5738b244d0fa25a5a252a99

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231201-en
resource tags

arch:x64arch:x86image:win7-20231201-enlocale:en-usos:windows7-x64system
submitted
11/12/2023, 15:48

Target

Product Sample.exe
Size

704KB
MD5

af94befdf947e87fca2be99067904e49
SHA1

f13892602f146b2a91785fea855a321365be2aed
SHA256

1b126e2fb116a33fa5831da41c224e4c1213fb7af5738b244d0fa25a5a252a99
SHA512

97b397d9d1ade3f3e896fac210c4d012303b17f16e30cb128bd8007c71fd6bcdbf525923fffa42ea7fa03146cc056043afef2101efcc2efb812f22408e0a4b4a
SSDEEP

6144:G3RWHKuZ5WlcYIsyF1OiAMrV3Psy4S9hDnz7d8z77fy2zmlt2L9OrFZA5EhQNUo:GhkZ5zxF1OiAMrVfsNS9hDPdAPGl+cS

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2044	Product Sample.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2916	2044	Product Sample.exe	28
PID 2044 wrote to memory of 2916	2044	Product Sample.exe	28
PID 2044 wrote to memory of 2916	2044	Product Sample.exe	28
PID 2044 wrote to memory of 2916	2044	Product Sample.exe	28
PID 2044 wrote to memory of 2820	2044	Product Sample.exe	29
PID 2044 wrote to memory of 2820	2044	Product Sample.exe	29
PID 2044 wrote to memory of 2820	2044	Product Sample.exe	29
PID 2044 wrote to memory of 2820	2044	Product Sample.exe	29
PID 2044 wrote to memory of 2772	2044	Product Sample.exe	30
PID 2044 wrote to memory of 2772	2044	Product Sample.exe	30
PID 2044 wrote to memory of 2772	2044	Product Sample.exe	30
PID 2044 wrote to memory of 2772	2044	Product Sample.exe	30
PID 2044 wrote to memory of 2740	2044	Product Sample.exe	31
PID 2044 wrote to memory of 2740	2044	Product Sample.exe	31
PID 2044 wrote to memory of 2740	2044	Product Sample.exe	31
PID 2044 wrote to memory of 2740	2044	Product Sample.exe	31
PID 2044 wrote to memory of 3020	2044	Product Sample.exe	32
PID 2044 wrote to memory of 3020	2044	Product Sample.exe	32
PID 2044 wrote to memory of 3020	2044	Product Sample.exe	32
PID 2044 wrote to memory of 3020	2044	Product Sample.exe	32

C:\Users\Admin\AppData\Local\Temp\Product Sample.exe
"C:\Users\Admin\AppData\Local\Temp\Product Sample.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\Product Sample.exe
  "C:\Users\Admin\AppData\Local\Temp\Product Sample.exe"
  2⤵
  PID:2916
- C:\Users\Admin\AppData\Local\Temp\Product Sample.exe
  "C:\Users\Admin\AppData\Local\Temp\Product Sample.exe"
  2⤵
  PID:2820
- C:\Users\Admin\AppData\Local\Temp\Product Sample.exe
  "C:\Users\Admin\AppData\Local\Temp\Product Sample.exe"
  2⤵
  PID:2772
- C:\Users\Admin\AppData\Local\Temp\Product Sample.exe
  "C:\Users\Admin\AppData\Local\Temp\Product Sample.exe"
  2⤵
  PID:2740
- C:\Users\Admin\AppData\Local\Temp\Product Sample.exe
  "C:\Users\Admin\AppData\Local\Temp\Product Sample.exe"
  2⤵
  PID:3020

memory/2044-0-0x00000000008D0000-0x0000000000986000-memory.dmp

Filesize
728KB

Download
memory/2044-1-0x0000000074C10000-0x00000000752FE000-memory.dmp

Filesize
6.9MB

Download
memory/2044-2-0x0000000004CA0000-0x0000000004CE0000-memory.dmp

Filesize
256KB

Download
memory/2044-3-0x0000000000460000-0x000000000047A000-memory.dmp

Filesize
104KB

Download
memory/2044-4-0x0000000000480000-0x0000000000488000-memory.dmp

Filesize
32KB

Download
memory/2044-5-0x0000000000520000-0x000000000052A000-memory.dmp

Filesize
40KB

Download
memory/2044-6-0x00000000050C0000-0x000000000513E000-memory.dmp

Filesize
504KB

Download
memory/2044-7-0x0000000074C10000-0x00000000752FE000-memory.dmp

Filesize
6.9MB

Download
memory/2044-8-0x0000000004CA0000-0x0000000004CE0000-memory.dmp

Filesize
256KB

Download
memory/2044-9-0x0000000074C10000-0x00000000752FE000-memory.dmp

Filesize
6.9MB

Download