dd02e2a6f580af520625c84f08991d708c2614ee85184a5abdd86359a79cac1d | Triage

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 14:18

Sharing

Report Analysis Logs

General

Target

750f0c298d126fe41f6ea52ef84389bc.exe
Size

8KB
MD5

750f0c298d126fe41f6ea52ef84389bc
SHA1

9dff0d71cf3f2de7c78f17b9f3b01f75a64e3687
SHA256

dd02e2a6f580af520625c84f08991d708c2614ee85184a5abdd86359a79cac1d
SHA512

526f669871bbfa75a8c1380f8588eadf5dedb381dbf97a4bf13ed68bfecd26fb00748cd00cbb918ce0f62b96fc984d5b4018adbea8c351bbb5f88d9791d71781
SSDEEP

192:aVl/yowJL/aMjGwP7PMZvz+ebMeFMn0TP:u/YJLW/vlbgs

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2932	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2932	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2932	msiexec.exe
2932	msiexec.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2932	2928	750f0c298d126fe41f6ea52ef84389bc.exe	16
PID 2928 wrote to memory of 2932	2928	750f0c298d126fe41f6ea52ef84389bc.exe	16
PID 2928 wrote to memory of 2932	2928	750f0c298d126fe41f6ea52ef84389bc.exe	16
PID 2928 wrote to memory of 2932	2928	750f0c298d126fe41f6ea52ef84389bc.exe	16
PID 2928 wrote to memory of 2932	2928	750f0c298d126fe41f6ea52ef84389bc.exe	16
PID 2928 wrote to memory of 2932	2928	750f0c298d126fe41f6ea52ef84389bc.exe	16
PID 2928 wrote to memory of 2932	2928	750f0c298d126fe41f6ea52ef84389bc.exe	16

C:\Windows\SysWOW64\msiexec.exe
msiexec /i 64.msi
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2932

C:\Users\Admin\AppData\Local\Temp\750f0c298d126fe41f6ea52ef84389bc.exe
"C:\Users\Admin\AppData\Local\Temp\750f0c298d126fe41f6ea52ef84389bc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads