1b126e2fb116a33fa5831da41c224e4c1213fb7af5738b244d0fa25a5a252a99

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
11/12/2023, 15:48

Target

Product Sample.exe
Size

704KB
MD5

af94befdf947e87fca2be99067904e49
SHA1

f13892602f146b2a91785fea855a321365be2aed
SHA256

1b126e2fb116a33fa5831da41c224e4c1213fb7af5738b244d0fa25a5a252a99
SHA512

97b397d9d1ade3f3e896fac210c4d012303b17f16e30cb128bd8007c71fd6bcdbf525923fffa42ea7fa03146cc056043afef2101efcc2efb812f22408e0a4b4a
SSDEEP

6144:G3RWHKuZ5WlcYIsyF1OiAMrV3Psy4S9hDnz7d8z77fy2zmlt2L9OrFZA5EhQNUo:GhkZ5zxF1OiAMrVfsNS9hDPdAPGl+cS

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1764	Product Sample.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 4960	1764	Product Sample.exe	103
PID 1764 wrote to memory of 4960	1764	Product Sample.exe	103
PID 1764 wrote to memory of 4960	1764	Product Sample.exe	103
PID 1764 wrote to memory of 4960	1764	Product Sample.exe	103
PID 1764 wrote to memory of 1976	1764	Product Sample.exe	105
PID 1764 wrote to memory of 1976	1764	Product Sample.exe	105
PID 1764 wrote to memory of 1976	1764	Product Sample.exe	105
PID 1764 wrote to memory of 1816	1764	Product Sample.exe	104
PID 1764 wrote to memory of 1816	1764	Product Sample.exe	104
PID 1764 wrote to memory of 1816	1764	Product Sample.exe	104
PID 1764 wrote to memory of 216	1764	Product Sample.exe	106
PID 1764 wrote to memory of 216	1764	Product Sample.exe	106
PID 1764 wrote to memory of 216	1764	Product Sample.exe	106
PID 1764 wrote to memory of 4584	1764	Product Sample.exe	107
PID 1764 wrote to memory of 4584	1764	Product Sample.exe	107
PID 1764 wrote to memory of 4584	1764	Product Sample.exe	107
PID 1764 wrote to memory of 4584	1764	Product Sample.exe	107

C:\Users\Admin\AppData\Local\Temp\Product Sample.exe
"C:\Users\Admin\AppData\Local\Temp\Product Sample.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Users\Admin\AppData\Local\Temp\Product Sample.exe
  "C:\Users\Admin\AppData\Local\Temp\Product Sample.exe"
  2⤵
  PID:4960
- C:\Users\Admin\AppData\Local\Temp\Product Sample.exe
  "C:\Users\Admin\AppData\Local\Temp\Product Sample.exe"
  2⤵
  PID:1816
- C:\Users\Admin\AppData\Local\Temp\Product Sample.exe
  "C:\Users\Admin\AppData\Local\Temp\Product Sample.exe"
  2⤵
  PID:1976
- C:\Users\Admin\AppData\Local\Temp\Product Sample.exe
  "C:\Users\Admin\AppData\Local\Temp\Product Sample.exe"
  2⤵
  PID:216
- C:\Users\Admin\AppData\Local\Temp\Product Sample.exe
  "C:\Users\Admin\AppData\Local\Temp\Product Sample.exe"
  2⤵
  PID:4584

memory/1764-0-0x0000000000930000-0x00000000009E6000-memory.dmp

Filesize
728KB

Download
memory/1764-1-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/1764-2-0x0000000005A90000-0x0000000006034000-memory.dmp

Filesize
5.6MB

Download
memory/1764-3-0x00000000053D0000-0x0000000005462000-memory.dmp

Filesize
584KB

Download
memory/1764-4-0x0000000005680000-0x00000000059D4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-5-0x0000000005670000-0x0000000005680000-memory.dmp

Filesize
64KB

Download
memory/1764-6-0x00000000054C0000-0x00000000054CA000-memory.dmp

Filesize
40KB

Download
memory/1764-7-0x0000000005A70000-0x0000000005A8A000-memory.dmp

Filesize
104KB

Download
memory/1764-8-0x0000000006A60000-0x0000000006A68000-memory.dmp

Filesize
32KB

Download
memory/1764-9-0x0000000006A70000-0x0000000006A7A000-memory.dmp

Filesize
40KB

Download
memory/1764-10-0x0000000006C50000-0x0000000006CCE000-memory.dmp

Filesize
504KB

Download
memory/1764-11-0x00000000092D0000-0x000000000936C000-memory.dmp

Filesize
624KB

Download
memory/1764-12-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download
memory/1764-13-0x0000000005670000-0x0000000005680000-memory.dmp

Filesize
64KB

Download
memory/1764-15-0x00000000748B0000-0x0000000075060000-memory.dmp

Filesize
7.7MB

Download