509453b23a87e07848f072c4074fbd4e89b7c66f5158d7f062db3cdd69bc00fc

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 22:30

Target

4041c752d9e9cf337040290f9403aa1e.exe
Size

704KB
MD5

4041c752d9e9cf337040290f9403aa1e
SHA1

108446f6c32b4f64711aa975573d74c6f10e487a
SHA256

509453b23a87e07848f072c4074fbd4e89b7c66f5158d7f062db3cdd69bc00fc
SHA512

f78e278c63167a7a85862bd292f2fbdfd861b709691dc09fe965e75bf31fd22cf4be658171b8e4f54c250c13e757b613fc6f5d50403908d9d08089dc989d5af7
SSDEEP

12288:a45XSnXSr45XSnXSzv/NcWDrMNUuk8G3tUem3wBsujLGleEIoxRqaN5CkYsN:L5X8Xn5X8Xava8rMWOgsULREIoxIaNQw

Score

1^/10

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2300	1872	4041c752d9e9cf337040290f9403aa1e.exe	28
PID 1872 wrote to memory of 2300	1872	4041c752d9e9cf337040290f9403aa1e.exe	28
PID 1872 wrote to memory of 2300	1872	4041c752d9e9cf337040290f9403aa1e.exe	28
PID 1872 wrote to memory of 2300	1872	4041c752d9e9cf337040290f9403aa1e.exe	28

C:\Users\Admin\AppData\Local\Temp\4041c752d9e9cf337040290f9403aa1e.exe
"C:\Users\Admin\AppData\Local\Temp\4041c752d9e9cf337040290f9403aa1e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 576
  2⤵
  PID:2300

memory/1872-0-0x0000000074D30000-0x00000000752DB000-memory.dmp

Filesize
5.7MB

Download
memory/1872-3-0x0000000001FB0000-0x0000000001FF0000-memory.dmp

Filesize
256KB

Download
memory/1872-2-0x0000000001FB0000-0x0000000001FF0000-memory.dmp

Filesize
256KB

Download
memory/1872-1-0x0000000074D30000-0x00000000752DB000-memory.dmp

Filesize
5.7MB

Download
memory/1872-5-0x0000000074D30000-0x00000000752DB000-memory.dmp

Filesize
5.7MB

Download
memory/1872-6-0x0000000001FB0000-0x0000000001FF0000-memory.dmp

Filesize
256KB

Download
memory/1872-7-0x0000000001FB0000-0x0000000001FF0000-memory.dmp

Filesize
256KB

Download
memory/2300-4-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download
memory/2300-8-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download