e086d5537516469caaaffab6aaa0e15dde86c4e7a5868a9c08482bd81ede1423

Analysis

max time kernel
148s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 15:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

27b2e913d9ea2e3d272ff98b2dd61ad2.exe
Size

101KB
MD5

27b2e913d9ea2e3d272ff98b2dd61ad2
SHA1

58b93a58e9df1637f121b4e8214478c03a4be31b
SHA256

e086d5537516469caaaffab6aaa0e15dde86c4e7a5868a9c08482bd81ede1423
SHA512

564c8bc5bc337c9d33f85fd391d2d8e22429ff2bb5271df69a1d2d7016de9e888f3c0a4a8a139f8a7a7ee839b9d81cf0444eec67b9c8c77711f5d2a150e8051b
SSDEEP

192:X7LlK0b00GZY6Wpo5rXPjtetGQoE/yLPkdoKnatPiq2P0x5Dgw/KR9pgaJacKAit:XNVGZXf/VPsoKnaBacxKw/sgrt1

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe
1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: 4294972872	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe
Token: 652835041412	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe
Token: 171798704856	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe
Token: 3582002725892	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe
Token: 16234976379168	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe
Token: 23845658427393	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe
Token: 85899346028	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe
Token: 85899346028	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe
Token: 85899345920	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe
Token: 85899346018	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe
Token: 15152644620299	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe
Token: 15633680957442	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe
Token: 137438953644	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40
PID 1064 wrote to memory of 3404	1064	27b2e913d9ea2e3d272ff98b2dd61ad2.exe	40

C:\Users\Admin\AppData\Local\Temp\27b2e913d9ea2e3d272ff98b2dd61ad2.exe
"C:\Users\Admin\AppData\Local\Temp\27b2e913d9ea2e3d272ff98b2dd61ad2.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1064

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1064-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1064-1-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download