08a6e3a364e206fdafb1f0bc0a1e97dddd382d74b10d8c38b51500d3b0b0e8cc

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 17:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08648143bdf285e755e2d721fc573a87.exe
Size

73KB
MD5

08648143bdf285e755e2d721fc573a87
SHA1

3044cbd8673958f4b0ff5b44ddc4974c040d0910
SHA256

08a6e3a364e206fdafb1f0bc0a1e97dddd382d74b10d8c38b51500d3b0b0e8cc
SHA512

0f8f7c8f171ac9346381b39f11c56703c0d71f49325b1cfb9190dfb931f7e01e970e4ae0d1fda82f434152f4673d8c52717a00e6be25af1e26ad336dbb82b175
SSDEEP

1536:t2L+AUTpldYoCuvMuGakmx1psi1ZLS7HL5TMeqF:t2L+AUTpldmukuG41si1ZLS7Hh

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1736	08648143bdf285e755e2d721fc573a87.exe

Suspicious behavior: MapViewOfSection 21 IoCs

pid	Process
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe
1736	08648143bdf285e755e2d721fc573a87.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1736	08648143bdf285e755e2d721fc573a87.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 388	1736	08648143bdf285e755e2d721fc573a87.exe	5
PID 1736 wrote to memory of 388	1736	08648143bdf285e755e2d721fc573a87.exe	5
PID 1736 wrote to memory of 388	1736	08648143bdf285e755e2d721fc573a87.exe	5
PID 1736 wrote to memory of 388	1736	08648143bdf285e755e2d721fc573a87.exe	5
PID 1736 wrote to memory of 388	1736	08648143bdf285e755e2d721fc573a87.exe	5
PID 1736 wrote to memory of 396	1736	08648143bdf285e755e2d721fc573a87.exe	4
PID 1736 wrote to memory of 396	1736	08648143bdf285e755e2d721fc573a87.exe	4
PID 1736 wrote to memory of 396	1736	08648143bdf285e755e2d721fc573a87.exe	4
PID 1736 wrote to memory of 396	1736	08648143bdf285e755e2d721fc573a87.exe	4
PID 1736 wrote to memory of 396	1736	08648143bdf285e755e2d721fc573a87.exe	4
PID 1736 wrote to memory of 436	1736	08648143bdf285e755e2d721fc573a87.exe	3
PID 1736 wrote to memory of 436	1736	08648143bdf285e755e2d721fc573a87.exe	3
PID 1736 wrote to memory of 436	1736	08648143bdf285e755e2d721fc573a87.exe	3
PID 1736 wrote to memory of 436	1736	08648143bdf285e755e2d721fc573a87.exe	3
PID 1736 wrote to memory of 436	1736	08648143bdf285e755e2d721fc573a87.exe	3
PID 1736 wrote to memory of 480	1736	08648143bdf285e755e2d721fc573a87.exe	2
PID 1736 wrote to memory of 480	1736	08648143bdf285e755e2d721fc573a87.exe	2
PID 1736 wrote to memory of 480	1736	08648143bdf285e755e2d721fc573a87.exe	2
PID 1736 wrote to memory of 480	1736	08648143bdf285e755e2d721fc573a87.exe	2
PID 1736 wrote to memory of 480	1736	08648143bdf285e755e2d721fc573a87.exe	2
PID 1736 wrote to memory of 492	1736	08648143bdf285e755e2d721fc573a87.exe	1
PID 1736 wrote to memory of 492	1736	08648143bdf285e755e2d721fc573a87.exe	1
PID 1736 wrote to memory of 492	1736	08648143bdf285e755e2d721fc573a87.exe	1
PID 1736 wrote to memory of 492	1736	08648143bdf285e755e2d721fc573a87.exe	1
PID 1736 wrote to memory of 492	1736	08648143bdf285e755e2d721fc573a87.exe	1
PID 1736 wrote to memory of 504	1736	08648143bdf285e755e2d721fc573a87.exe	27
PID 1736 wrote to memory of 504	1736	08648143bdf285e755e2d721fc573a87.exe	27
PID 1736 wrote to memory of 504	1736	08648143bdf285e755e2d721fc573a87.exe	27
PID 1736 wrote to memory of 504	1736	08648143bdf285e755e2d721fc573a87.exe	27
PID 1736 wrote to memory of 504	1736	08648143bdf285e755e2d721fc573a87.exe	27
PID 1736 wrote to memory of 600	1736	08648143bdf285e755e2d721fc573a87.exe	8
PID 1736 wrote to memory of 600	1736	08648143bdf285e755e2d721fc573a87.exe	8
PID 1736 wrote to memory of 600	1736	08648143bdf285e755e2d721fc573a87.exe	8
PID 1736 wrote to memory of 600	1736	08648143bdf285e755e2d721fc573a87.exe	8
PID 1736 wrote to memory of 600	1736	08648143bdf285e755e2d721fc573a87.exe	8
PID 1736 wrote to memory of 684	1736	08648143bdf285e755e2d721fc573a87.exe	26
PID 1736 wrote to memory of 684	1736	08648143bdf285e755e2d721fc573a87.exe	26
PID 1736 wrote to memory of 684	1736	08648143bdf285e755e2d721fc573a87.exe	26
PID 1736 wrote to memory of 684	1736	08648143bdf285e755e2d721fc573a87.exe	26
PID 1736 wrote to memory of 684	1736	08648143bdf285e755e2d721fc573a87.exe	26
PID 1736 wrote to memory of 756	1736	08648143bdf285e755e2d721fc573a87.exe	25
PID 1736 wrote to memory of 756	1736	08648143bdf285e755e2d721fc573a87.exe	25
PID 1736 wrote to memory of 756	1736	08648143bdf285e755e2d721fc573a87.exe	25
PID 1736 wrote to memory of 756	1736	08648143bdf285e755e2d721fc573a87.exe	25
PID 1736 wrote to memory of 756	1736	08648143bdf285e755e2d721fc573a87.exe	25
PID 1736 wrote to memory of 820	1736	08648143bdf285e755e2d721fc573a87.exe	9
PID 1736 wrote to memory of 820	1736	08648143bdf285e755e2d721fc573a87.exe	9
PID 1736 wrote to memory of 820	1736	08648143bdf285e755e2d721fc573a87.exe	9
PID 1736 wrote to memory of 820	1736	08648143bdf285e755e2d721fc573a87.exe	9
PID 1736 wrote to memory of 820	1736	08648143bdf285e755e2d721fc573a87.exe	9
PID 1736 wrote to memory of 864	1736	08648143bdf285e755e2d721fc573a87.exe	24
PID 1736 wrote to memory of 864	1736	08648143bdf285e755e2d721fc573a87.exe	24
PID 1736 wrote to memory of 864	1736	08648143bdf285e755e2d721fc573a87.exe	24
PID 1736 wrote to memory of 864	1736	08648143bdf285e755e2d721fc573a87.exe	24
PID 1736 wrote to memory of 864	1736	08648143bdf285e755e2d721fc573a87.exe	24
PID 1736 wrote to memory of 972	1736	08648143bdf285e755e2d721fc573a87.exe	10
PID 1736 wrote to memory of 972	1736	08648143bdf285e755e2d721fc573a87.exe	10
PID 1736 wrote to memory of 972	1736	08648143bdf285e755e2d721fc573a87.exe	10
PID 1736 wrote to memory of 972	1736	08648143bdf285e755e2d721fc573a87.exe	10
PID 1736 wrote to memory of 972	1736	08648143bdf285e755e2d721fc573a87.exe	10
PID 1736 wrote to memory of 272	1736	08648143bdf285e755e2d721fc573a87.exe	22
PID 1736 wrote to memory of 272	1736	08648143bdf285e755e2d721fc573a87.exe	22
PID 1736 wrote to memory of 272	1736	08648143bdf285e755e2d721fc573a87.exe	22
PID 1736 wrote to memory of 272	1736	08648143bdf285e755e2d721fc573a87.exe	22

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:492

C:\Windows\system32\services.exe
C:\Windows\system32\services.exe
1⤵
PID:480
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k DcomLaunch
  2⤵
  PID:600
- - C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    3⤵
    PID:1640
- C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
  2⤵
  PID:820
- - C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    3⤵
    PID:1180
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalService
  2⤵
  PID:972
- C:\Windows\system32\taskhost.exe
  "taskhost.exe"
  2⤵
  PID:1112
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
  2⤵
  PID:2148
- C:\Windows\system32\sppsvc.exe
  C:\Windows\system32\sppsvc.exe
  2⤵
  PID:2316
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
  2⤵
  PID:1068
- C:\Windows\System32\spoolsv.exe
  C:\Windows\System32\spoolsv.exe
  2⤵
  PID:108
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k NetworkService
  2⤵
  PID:272
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k netsvcs
  2⤵
  PID:864
- C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  2⤵
  PID:756
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k RPCSS
  2⤵
  PID:684

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:436

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:396

C:\Windows\system32\wininit.exe
wininit.exe
1⤵
PID:388
- C:\Windows\system32\lsm.exe
  C:\Windows\system32\lsm.exe
  2⤵
  PID:504

C:\Users\Admin\AppData\Local\Temp\08648143bdf285e755e2d721fc573a87.exe
"C:\Users\Admin\AppData\Local\Temp\08648143bdf285e755e2d721fc573a87.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1736

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1736-0-0x0000000001000000-0x000000000101A000-memory.dmp

Filesize
104KB

Download
memory/1736-3-0x0000000001000000-0x000000000101A000-memory.dmp

Filesize
104KB

Download
memory/1736-2-0x000000007782F000-0x0000000077830000-memory.dmp

Filesize
4KB

Download
memory/1736-1-0x0000000077830000-0x0000000077831000-memory.dmp

Filesize
4KB

Download