27fed9534ccb16e3aa3ba9b7cdc80b0da0ae3b230228a65544447e5d9aace336

Analysis

max time kernel
0s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 17:00

Target

7eabbfe1f9610f75ff06afa88435fa1d.exe
Size

301KB
MD5

7eabbfe1f9610f75ff06afa88435fa1d
SHA1

30321fc8d3c7438ca647af978bd717bb276e1f1a
SHA256

27fed9534ccb16e3aa3ba9b7cdc80b0da0ae3b230228a65544447e5d9aace336
SHA512

e11beab136fe9072e5a417583d3fdac48cc300e8d934313f99ec55ae28ad8293d1bda09bef9c86eaf7eb9f529413f400616d4bc8a6e0ed5afb23e6226ca11973
SSDEEP

6144:oAUUyJ6UztVT59mxcVXdkr9EAa0szsBmVMM8/w:oAmVT6c/1Rf

Score

8^/10

evasion

Unexpected DNS network traffic destination 2 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	83.133.123.20
Destination IP	83.133.123.20

Suspicious behavior: EnumeratesProcesses 14 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2000	7eabbfe1f9610f75ff06afa88435fa1d.exe

Suspicious use of WriteProcessMemory 1 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 3404	2000	7eabbfe1f9610f75ff06afa88435fa1d.exe	48

memory/2000-2-0x0000000000400000-0x000000000044EEF0-memory.dmp

Filesize
315KB

Download
memory/2000-1-0x00000000021B0000-0x00000000025BF000-memory.dmp

Filesize
4.1MB

Download
memory/2000-0-0x0000000000400000-0x000000000044EEF0-memory.dmp

Filesize
315KB

Download
memory/2000-4-0x0000000000400000-0x000000000044EEF0-memory.dmp

Filesize
315KB

Download
memory/3404-3-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/3404-5-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download