7de30f5ae66264f2af3512845cb62d693b2d7e9a65a5be82d6938d66a2128983

Analysis

max time kernel
0s
max time network
86s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 03:28

Target

03161fb5ca408665e38e83f96734db56.exe
Size

91KB
MD5

03161fb5ca408665e38e83f96734db56
SHA1

72cfb45a17139dd9513d026f952b24dc018741dd
SHA256

7de30f5ae66264f2af3512845cb62d693b2d7e9a65a5be82d6938d66a2128983
SHA512

933e6651d193c00883f2dba9fdc0e015728e510c3041fe14c004010c6f566bf74c2e5d68eff45a50d1aaa485b0733667dcef95cf24ec29e5c2b299823b251297
SSDEEP

1536:1pSwT9Wcm7i/V7vlYe7nof/MhzAt7FsomeikzLX3cYWXCOcpVjrCID4:zf9WcECV7a7f/WAt7FsXQLchL4VCID4

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
312	OONOEO.EXE

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\oonoeo.exe	03161fb5ca408665e38e83f96734db56.exe
File created	C:\Windows\SysWOW64\oonoeo.exe	03161fb5ca408665e38e83f96734db56.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4848	03161fb5ca408665e38e83f96734db56.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 312	4848	03161fb5ca408665e38e83f96734db56.exe	16
PID 4848 wrote to memory of 312	4848	03161fb5ca408665e38e83f96734db56.exe	16
PID 4848 wrote to memory of 312	4848	03161fb5ca408665e38e83f96734db56.exe	16

C:\Users\Admin\AppData\Local\Temp\03161fb5ca408665e38e83f96734db56.exe
"C:\Users\Admin\AppData\Local\Temp\03161fb5ca408665e38e83f96734db56.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4848
- C:\WINDOWS\SysWOW64\OONOEO.EXE
  C:\WINDOWS\SYSTEM32\OONOEO.EXE C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\03161FB5CA408665E38E83F96734DB56.EXE
  2⤵
  - Executes dropped EXE
  PID:312

C:\WINDOWS\SysWOW64\OONOEO.EXE

Filesize
90KB

MD5
dd55a2cce338506d4ee04c55efc8cd2c

SHA1
1def4ee64277679f3f67d30822a5f828a8a8c58c

SHA256
00ac24ce96323aa6424d1ab71a5b4e854060b3a37c30fc7788e52cb41de1e0b1

SHA512
5e04a78052d2112725685fc2e8d921e1434b73f7c4a034a4908ed70693e4d74d6f26bc5beccd67bf233c41bcbbd08771d1866bdca802902ab7d3a17ff65de90e

Download Submit
C:\Windows\SysWOW64\oonoeo.exe

Filesize
43KB

MD5
198e8bbcf6ec3e796ceac251e0749ea4

SHA1
7cb4faef21f29990c52372aad4ab5e7461658504

SHA256
fd9c18da2d9e8602749fd291a2801ae06b1b9bb1fdc2d469045851702ad4235c

SHA512
b0953d467ab8df82f9a52fe28ac069e47de317613f3835825e6bb0c95d58e4298fa39eb8a1563031a4134c4d74d5a69b533f3837ea9952bbe37f47e261887327

Download Submit
C:\Windows\SysWOW64\oonoeo.exe

Filesize
1KB

MD5
959ca0e5ffff9ca882d1d8dca77a8242

SHA1
5df45ae1db44047f85d137b611b3638b2707e0db

SHA256
e6cd0ee73f44275fc3b79cec679bfd6d12c0daca1ce4912a266c8f0167f8d803

SHA512
a9b978b0612e3d6328e1a5594b072742efe9b01c5568c501e3b81c7d16761d0df32a456a5bc0bed3013f0b7e429157366a76c1be94fadfe3ee2d5e118bbe9c46

Download Submit
memory/312-9-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/312-13-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4848-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download