7dd1b26f7d13b353526295089b5ce5bc0abd6e3b7786d081f778cc0f9eb3f9a1

Analysis

max time kernel
2s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 18:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b51795bfee600ca87a5632c7d44792c.exe
Size

501KB
MD5

0b51795bfee600ca87a5632c7d44792c
SHA1

a40a3661b4b7634f07774fd15d8ca6e977f7bb46
SHA256

7dd1b26f7d13b353526295089b5ce5bc0abd6e3b7786d081f778cc0f9eb3f9a1
SHA512

57906a33dbaf0c823d0bb2c616cc3070692e92f8428e4d665f97fb7fc29efebb868c830a342005f42b893600b20e49dee9c95def6072838a427d657ffc695b2d
SSDEEP

12288:hy7anlVGg3mAgPo6XxkncSlrt2nApuw8zwtmAQ4R/GTLR:cgmAgPJBkncIrt2smwYABw1

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2008	0b51795bfee600ca87a5632c7d44792c.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2008	0b51795bfee600ca87a5632c7d44792c.exe
Token: SeDebugPrivilege	2008	0b51795bfee600ca87a5632c7d44792c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27
PID 2008 wrote to memory of 1260	2008	0b51795bfee600ca87a5632c7d44792c.exe	27

C:\Users\Admin\AppData\Local\Temp\0b51795bfee600ca87a5632c7d44792c.exe
"C:\Users\Admin\AppData\Local\Temp\0b51795bfee600ca87a5632c7d44792c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\0b51795bfee600ca87a5632c7d44792c.exe
  C:\Users\Admin\AppData\Local\Temp\0b51795bfee600ca87a5632c7d44792c.exe
  2⤵
  PID:2872
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2008-1-0x0000000010410000-0x0000000010488000-memory.dmp

Filesize
480KB

Download
memory/2872-20-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2872-14-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2872-8-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2872-2421-0x0000000010490000-0x0000000010508000-memory.dmp

Filesize
480KB

Download
memory/2872-2425-0x0000000010490000-0x0000000010508000-memory.dmp

Filesize
480KB

Download