f9d16f2334a58c2a32824e647d5fcf15113776f91355e11084474fca5871f373

Analysis

max time kernel
148s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 14:22

Target

41922e2d498acdfa8b73fb2beda6033a.exe
Size

7.6MB
MD5

41922e2d498acdfa8b73fb2beda6033a
SHA1

8648f4bd089f95768754e1e0775f21051827612e
SHA256

f9d16f2334a58c2a32824e647d5fcf15113776f91355e11084474fca5871f373
SHA512

f496faf75834690d3f97a356d047be08ff8cc5d2271564419d308a9d430419816ddf28bde61e77169f267b9ad7be7023d82eedf73ff2ca7ce0ca850a2e260cdc
SSDEEP

196608:kX3Uz60AcFn1YxOv5wANkZGFrxGOybiHmUBbSd/maDOOOs:knUWcLZ+OrIOybiHmUBmd/mqOb

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
3068	servbrow.exe
2600	servbrow.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\servbrow.exe	41922e2d498acdfa8b73fb2beda6033a.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeTcbPrivilege	3068	servbrow.exe
Token: SeChangeNotifyPrivilege	3068	servbrow.exe
Token: SeIncreaseQuotaPrivilege	3068	servbrow.exe
Token: SeAssignPrimaryTokenPrivilege	3068	servbrow.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2600	3068	servbrow.exe	31
PID 3068 wrote to memory of 2600	3068	servbrow.exe	31
PID 3068 wrote to memory of 2600	3068	servbrow.exe	31
PID 3068 wrote to memory of 2600	3068	servbrow.exe	31

C:\Windows\servbrow.exe

Filesize
7.6MB

MD5
434cf2377f0e88e10d3f10762fbeabf1

SHA1
7e207f9c2fc2dff52a80375f007a039a059ffc16

SHA256
71f70d7043fa7d12890f904f2b1aef6ede27bd653255fee8b4dbff44bda4fbbe

SHA512
40d119898dc8e4f1df2e42f766f72123bb30dc21458768e2683ae48f776d360d2a9c4e4fa26ba9e51d02b4f3057e152c29bc783ca9fc19c65c4344f7abd5b371

Download Submit