61919d7659ebe7739b84103949e03da49e2d7c1d2f7e89c2da20dfc162a78ce2

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 11:41

Target

6b9780078e6db405bd4ccb326ef5d353.exe
Size

213KB
MD5

6b9780078e6db405bd4ccb326ef5d353
SHA1

e71782507b88d4ad0cafe06716204c99a4b40cc6
SHA256

61919d7659ebe7739b84103949e03da49e2d7c1d2f7e89c2da20dfc162a78ce2
SHA512

0bbccd5755c125b4f604f6f148cc81bb2afeac81537b6054094691a7821326ea68881f726fe4a5c0dac382fbfa590872078b6d592949e265ff708117954600ec
SSDEEP

768:Vk5FtM8eLMVVA4Telc7nQWiWpXwi8HTEVFkfHqelVb:y5FKLMgHlBUmi8HgkfKY

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
2756	Updget.exe
3036	Updget.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2464	6b9780078e6db405bd4ccb326ef5d353.exe
Token: SeDebugPrivilege	3036	Updget.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2632	2464	6b9780078e6db405bd4ccb326ef5d353.exe	30
PID 2464 wrote to memory of 2632	2464	6b9780078e6db405bd4ccb326ef5d353.exe	30
PID 2464 wrote to memory of 2632	2464	6b9780078e6db405bd4ccb326ef5d353.exe	30
PID 2632 wrote to memory of 2756	2632	cmd.exe	28
PID 2632 wrote to memory of 2756	2632	cmd.exe	28
PID 2632 wrote to memory of 2756	2632	cmd.exe	28
PID 2632 wrote to memory of 3036	2632	cmd.exe	31
PID 2632 wrote to memory of 3036	2632	cmd.exe	31
PID 2632 wrote to memory of 3036	2632	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\1e3edc12-f308-490b-86dc-8b6ac13d4f16\Updget.exe
"C:\Users\Admin\AppData\Local\Temp\1e3edc12-f308-490b-86dc-8b6ac13d4f16\updget.exe" settitle -title "Autoservicio" -nologo
1⤵
- Executes dropped EXE
PID:2756

memory/2464-22-0x000007FEF53C0000-0x000007FEF5DAC000-memory.dmp

Filesize
9.9MB

Download
memory/2464-1-0x000007FEF53C0000-0x000007FEF5DAC000-memory.dmp

Filesize
9.9MB

Download
memory/2464-2-0x000000001B160000-0x000000001B1E0000-memory.dmp

Filesize
512KB

Download
memory/2464-0-0x00000000010A0000-0x00000000010DA000-memory.dmp

Filesize
232KB

Download
memory/2464-25-0x000007FEF53C0000-0x000007FEF5DAC000-memory.dmp

Filesize
9.9MB

Download
memory/2756-16-0x000007FEF53C0000-0x000007FEF5DAC000-memory.dmp

Filesize
9.9MB

Download
memory/2756-18-0x000007FEF53C0000-0x000007FEF5DAC000-memory.dmp

Filesize
9.9MB

Download
memory/2756-17-0x000000001B210000-0x000000001B290000-memory.dmp

Filesize
512KB

Download
memory/2756-15-0x0000000000E10000-0x0000000000E22000-memory.dmp

Filesize
72KB

Download
memory/3036-20-0x0000000001040000-0x0000000001052000-memory.dmp

Filesize
72KB

Download
memory/3036-21-0x000007FEF53C0000-0x000007FEF5DAC000-memory.dmp

Filesize
9.9MB

Download
memory/3036-23-0x000007FEF53C0000-0x000007FEF5DAC000-memory.dmp

Filesize
9.9MB

Download
memory/3036-24-0x000007FEF53C0000-0x000007FEF5DAC000-memory.dmp

Filesize
9.9MB

Download