08a6e3a364e206fdafb1f0bc0a1e97dddd382d74b10d8c38b51500d3b0b0e8cc

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08648143bdf285e755e2d721fc573a87.exe
Size

73KB
MD5

08648143bdf285e755e2d721fc573a87
SHA1

3044cbd8673958f4b0ff5b44ddc4974c040d0910
SHA256

08a6e3a364e206fdafb1f0bc0a1e97dddd382d74b10d8c38b51500d3b0b0e8cc
SHA512

0f8f7c8f171ac9346381b39f11c56703c0d71f49325b1cfb9190dfb931f7e01e970e4ae0d1fda82f434152f4673d8c52717a00e6be25af1e26ad336dbb82b175
SSDEEP

1536:t2L+AUTpldYoCuvMuGakmx1psi1ZLS7HL5TMeqF:t2L+AUTpldmukuG41si1ZLS7Hh

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2336	08648143bdf285e755e2d721fc573a87.exe

Suspicious behavior: MapViewOfSection 21 IoCs

pid	Process
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe
2336	08648143bdf285e755e2d721fc573a87.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2336	08648143bdf285e755e2d721fc573a87.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 376	2336	08648143bdf285e755e2d721fc573a87.exe	2
PID 2336 wrote to memory of 376	2336	08648143bdf285e755e2d721fc573a87.exe	2
PID 2336 wrote to memory of 376	2336	08648143bdf285e755e2d721fc573a87.exe	2
PID 2336 wrote to memory of 376	2336	08648143bdf285e755e2d721fc573a87.exe	2
PID 2336 wrote to memory of 376	2336	08648143bdf285e755e2d721fc573a87.exe	2
PID 2336 wrote to memory of 388	2336	08648143bdf285e755e2d721fc573a87.exe	1
PID 2336 wrote to memory of 388	2336	08648143bdf285e755e2d721fc573a87.exe	1
PID 2336 wrote to memory of 388	2336	08648143bdf285e755e2d721fc573a87.exe	1
PID 2336 wrote to memory of 388	2336	08648143bdf285e755e2d721fc573a87.exe	1
PID 2336 wrote to memory of 388	2336	08648143bdf285e755e2d721fc573a87.exe	1
PID 2336 wrote to memory of 424	2336	08648143bdf285e755e2d721fc573a87.exe	5
PID 2336 wrote to memory of 424	2336	08648143bdf285e755e2d721fc573a87.exe	5
PID 2336 wrote to memory of 424	2336	08648143bdf285e755e2d721fc573a87.exe	5
PID 2336 wrote to memory of 424	2336	08648143bdf285e755e2d721fc573a87.exe	5
PID 2336 wrote to memory of 424	2336	08648143bdf285e755e2d721fc573a87.exe	5
PID 2336 wrote to memory of 468	2336	08648143bdf285e755e2d721fc573a87.exe	6
PID 2336 wrote to memory of 468	2336	08648143bdf285e755e2d721fc573a87.exe	6
PID 2336 wrote to memory of 468	2336	08648143bdf285e755e2d721fc573a87.exe	6
PID 2336 wrote to memory of 468	2336	08648143bdf285e755e2d721fc573a87.exe	6
PID 2336 wrote to memory of 468	2336	08648143bdf285e755e2d721fc573a87.exe	6
PID 2336 wrote to memory of 484	2336	08648143bdf285e755e2d721fc573a87.exe	7
PID 2336 wrote to memory of 484	2336	08648143bdf285e755e2d721fc573a87.exe	7
PID 2336 wrote to memory of 484	2336	08648143bdf285e755e2d721fc573a87.exe	7
PID 2336 wrote to memory of 484	2336	08648143bdf285e755e2d721fc573a87.exe	7
PID 2336 wrote to memory of 484	2336	08648143bdf285e755e2d721fc573a87.exe	7
PID 2336 wrote to memory of 492	2336	08648143bdf285e755e2d721fc573a87.exe	8
PID 2336 wrote to memory of 492	2336	08648143bdf285e755e2d721fc573a87.exe	8
PID 2336 wrote to memory of 492	2336	08648143bdf285e755e2d721fc573a87.exe	8
PID 2336 wrote to memory of 492	2336	08648143bdf285e755e2d721fc573a87.exe	8
PID 2336 wrote to memory of 492	2336	08648143bdf285e755e2d721fc573a87.exe	8
PID 2336 wrote to memory of 604	2336	08648143bdf285e755e2d721fc573a87.exe	27
PID 2336 wrote to memory of 604	2336	08648143bdf285e755e2d721fc573a87.exe	27
PID 2336 wrote to memory of 604	2336	08648143bdf285e755e2d721fc573a87.exe	27
PID 2336 wrote to memory of 604	2336	08648143bdf285e755e2d721fc573a87.exe	27
PID 2336 wrote to memory of 604	2336	08648143bdf285e755e2d721fc573a87.exe	27
PID 2336 wrote to memory of 680	2336	08648143bdf285e755e2d721fc573a87.exe	26
PID 2336 wrote to memory of 680	2336	08648143bdf285e755e2d721fc573a87.exe	26
PID 2336 wrote to memory of 680	2336	08648143bdf285e755e2d721fc573a87.exe	26
PID 2336 wrote to memory of 680	2336	08648143bdf285e755e2d721fc573a87.exe	26
PID 2336 wrote to memory of 680	2336	08648143bdf285e755e2d721fc573a87.exe	26
PID 2336 wrote to memory of 768	2336	08648143bdf285e755e2d721fc573a87.exe	25
PID 2336 wrote to memory of 768	2336	08648143bdf285e755e2d721fc573a87.exe	25
PID 2336 wrote to memory of 768	2336	08648143bdf285e755e2d721fc573a87.exe	25
PID 2336 wrote to memory of 768	2336	08648143bdf285e755e2d721fc573a87.exe	25
PID 2336 wrote to memory of 768	2336	08648143bdf285e755e2d721fc573a87.exe	25
PID 2336 wrote to memory of 820	2336	08648143bdf285e755e2d721fc573a87.exe	24
PID 2336 wrote to memory of 820	2336	08648143bdf285e755e2d721fc573a87.exe	24
PID 2336 wrote to memory of 820	2336	08648143bdf285e755e2d721fc573a87.exe	24
PID 2336 wrote to memory of 820	2336	08648143bdf285e755e2d721fc573a87.exe	24
PID 2336 wrote to memory of 820	2336	08648143bdf285e755e2d721fc573a87.exe	24
PID 2336 wrote to memory of 844	2336	08648143bdf285e755e2d721fc573a87.exe	9
PID 2336 wrote to memory of 844	2336	08648143bdf285e755e2d721fc573a87.exe	9
PID 2336 wrote to memory of 844	2336	08648143bdf285e755e2d721fc573a87.exe	9
PID 2336 wrote to memory of 844	2336	08648143bdf285e755e2d721fc573a87.exe	9
PID 2336 wrote to memory of 844	2336	08648143bdf285e755e2d721fc573a87.exe	9
PID 2336 wrote to memory of 972	2336	08648143bdf285e755e2d721fc573a87.exe	10
PID 2336 wrote to memory of 972	2336	08648143bdf285e755e2d721fc573a87.exe	10
PID 2336 wrote to memory of 972	2336	08648143bdf285e755e2d721fc573a87.exe	10
PID 2336 wrote to memory of 972	2336	08648143bdf285e755e2d721fc573a87.exe	10
PID 2336 wrote to memory of 972	2336	08648143bdf285e755e2d721fc573a87.exe	10
PID 2336 wrote to memory of 284	2336	08648143bdf285e755e2d721fc573a87.exe	11
PID 2336 wrote to memory of 284	2336	08648143bdf285e755e2d721fc573a87.exe	11
PID 2336 wrote to memory of 284	2336	08648143bdf285e755e2d721fc573a87.exe	11
PID 2336 wrote to memory of 284	2336	08648143bdf285e755e2d721fc573a87.exe	11

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:388

C:\Windows\system32\wininit.exe
wininit.exe
1⤵
PID:376
- C:\Windows\system32\services.exe
  C:\Windows\system32\services.exe
  2⤵
  PID:468
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    3⤵
    PID:844
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService
    3⤵
    PID:972
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    3⤵
    PID:284
- - C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    3⤵
    PID:1232
- - C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\sppsvc.exe
    3⤵
    PID:392
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    3⤵
    PID:2384
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    3⤵
    PID:1052
- - C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\spoolsv.exe
    3⤵
    PID:332
- - C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    3⤵
    PID:820
- - C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    3⤵
    PID:768
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    3⤵
    PID:680
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    3⤵
    PID:604
- C:\Windows\system32\lsass.exe
  C:\Windows\system32\lsass.exe
  2⤵
  PID:484
- C:\Windows\system32\lsm.exe
  C:\Windows\system32\lsm.exe
  2⤵
  PID:492

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:424

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\08648143bdf285e755e2d721fc573a87.exe
"C:\Users\Admin\AppData\Local\Temp\08648143bdf285e755e2d721fc573a87.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2336

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1100

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2336-0-0x0000000001000000-0x000000000101A000-memory.dmp

Filesize
104KB

Download
memory/2336-1-0x0000000077600000-0x0000000077601000-memory.dmp

Filesize
4KB

Download
memory/2336-3-0x0000000001000000-0x000000000101A000-memory.dmp

Filesize
104KB

Download
memory/2336-2-0x00000000775FF000-0x0000000077600000-memory.dmp

Filesize
4KB

Download