a49244caee6dcff5c2e97e618a0fda25bb1fa0f8a7a0d7e87a7446519fdcbc81

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12ecdcaab5d143dd2a58f6ddfdd27d00.exe
Size

802KB
MD5

12ecdcaab5d143dd2a58f6ddfdd27d00
SHA1

c42ca28e5792e791122e5f0d3bad91cc7c48df09
SHA256

a49244caee6dcff5c2e97e618a0fda25bb1fa0f8a7a0d7e87a7446519fdcbc81
SHA512

a24a6cf9cbbf3c532930cfa0a59ad557a3c574cd1abb8ae1e12e69e2b6be4bf7df103be15e7fa2127728e62bf627bf5cc411f6b0fc4741320bef91e3c988b513
SSDEEP

12288:WRUp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvX7z24Cr8+8M:GpzlQww/QTLYh6SFcwqhHk

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

12ecdcaab5d143dd2a58f6ddfdd27d00.exe

pid	process
2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

12ecdcaab5d143dd2a58f6ddfdd27d00.exe

description pid process

Token: SeDebugPrivilege 2672 12ecdcaab5d143dd2a58f6ddfdd27d00.exe

description	pid	process
Token: SeDebugPrivilege	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

12ecdcaab5d143dd2a58f6ddfdd27d00.exe

C:\Users\Admin\AppData\Local\Temp\12ecdcaab5d143dd2a58f6ddfdd27d00.exe
"C:\Users\Admin\AppData\Local\Temp\12ecdcaab5d143dd2a58f6ddfdd27d00.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\12ecdcaab5d143dd2a58f6ddfdd27d00.exe
  "{path}"
  2⤵
  PID:2228
- C:\Users\Admin\AppData\Local\Temp\12ecdcaab5d143dd2a58f6ddfdd27d00.exe
  "{path}"
  2⤵
  PID:2596
- C:\Users\Admin\AppData\Local\Temp\12ecdcaab5d143dd2a58f6ddfdd27d00.exe
  "{path}"
  2⤵
  PID:2604
- C:\Users\Admin\AppData\Local\Temp\12ecdcaab5d143dd2a58f6ddfdd27d00.exe
  "{path}"
  2⤵
  PID:2612
- C:\Users\Admin\AppData\Local\Temp\12ecdcaab5d143dd2a58f6ddfdd27d00.exe
  "{path}"
  2⤵
  PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2672-1-0x00000000746C0000-0x0000000074DAE000-memory.dmp

Filesize
6.9MB

Download
memory/2672-0-0x0000000000340000-0x000000000040E000-memory.dmp

Filesize
824KB

Download
memory/2672-2-0x00000000002F0000-0x0000000000330000-memory.dmp

Filesize
256KB

Download
memory/2672-3-0x0000000000330000-0x0000000000338000-memory.dmp

Filesize
32KB

Download
memory/2672-4-0x00000000746C0000-0x0000000074DAE000-memory.dmp

Filesize
6.9MB

Download
memory/2672-5-0x00000000002F0000-0x0000000000330000-memory.dmp

Filesize
256KB

Download
memory/2672-6-0x00000000058E0000-0x000000000599A000-memory.dmp

Filesize
744KB

Download
memory/2672-7-0x0000000005260000-0x00000000052CE000-memory.dmp

Filesize
440KB

Download
memory/2672-8-0x00000000746C0000-0x0000000074DAE000-memory.dmp

Filesize
6.9MB

Download

description	pid	process	target process
PID 2672 wrote to memory of 2228	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2228	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2228	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2228	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2596	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2596	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2596	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2596	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2604	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2604	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2604	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2604	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2612	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2612	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2612	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2612	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2636	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2636	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2636	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe
PID 2672 wrote to memory of 2636	2672	12ecdcaab5d143dd2a58f6ddfdd27d00.exe	12ecdcaab5d143dd2a58f6ddfdd27d00.exe