04d47d7a897a86e711e7c874ada8cca27a7f28cf6a0dc208adaef2cf15fa1ebd

Analysis

max time kernel
125s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 22:15

Target

14fe5f1c73372df0072bae0a8aee189e.exe
Size

348KB
MD5

14fe5f1c73372df0072bae0a8aee189e
SHA1

32a1f27a86a75616bc1a23bf6894b80fc24cf19b
SHA256

04d47d7a897a86e711e7c874ada8cca27a7f28cf6a0dc208adaef2cf15fa1ebd
SHA512

df0140fac705095b0a3b27236f5e62d7bb87362e355ea7c5457a163c8734d8604d6f32c5415d68c7a96cc2c2df0e2dec6a82028f1c4034548094a5fd3dc06e3b
SSDEEP

6144:3AIgjmiKlYM4XrhfXSClvdnNYMSisQBtdbk8sYMES3npuMvg7ByS35:bgTYgXrhv7lNNB8gdbk8HMES3pu7AO

Score

7^/10

Deletes itself 1 IoCs

pid	Process
696	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 980 set thread context of 696	980	14fe5f1c73372df0072bae0a8aee189e.exe	36

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
980	14fe5f1c73372df0072bae0a8aee189e.exe
980	14fe5f1c73372df0072bae0a8aee189e.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	980	14fe5f1c73372df0072bae0a8aee189e.exe
Token: SeDebugPrivilege	980	14fe5f1c73372df0072bae0a8aee189e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 980 wrote to memory of 696	980	14fe5f1c73372df0072bae0a8aee189e.exe	36
PID 980 wrote to memory of 696	980	14fe5f1c73372df0072bae0a8aee189e.exe	36
PID 980 wrote to memory of 696	980	14fe5f1c73372df0072bae0a8aee189e.exe	36
PID 980 wrote to memory of 696	980	14fe5f1c73372df0072bae0a8aee189e.exe	36

C:\Users\Admin\AppData\Local\Temp\14fe5f1c73372df0072bae0a8aee189e.exe
"C:\Users\Admin\AppData\Local\Temp\14fe5f1c73372df0072bae0a8aee189e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:980
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe"
  2⤵
  - Deletes itself
  PID:696

memory/980-0-0x0000000030670000-0x0000000030697000-memory.dmp

Filesize
156KB

Download
memory/980-2-0x0000000030670000-0x0000000030697000-memory.dmp

Filesize
156KB

Download
memory/980-1-0x00000000021F0000-0x00000000031F0000-memory.dmp

Filesize
16.0MB

Download
memory/980-5-0x0000000030670000-0x0000000030697000-memory.dmp

Filesize
156KB

Download
memory/980-6-0x00000000021F0000-0x00000000031F0000-memory.dmp

Filesize
16.0MB

Download