33fa387857766596127e8df07718310cb14d95355eec15b5c7980a355d6a7450

Analysis

max time kernel
151s
max time network
155s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 02:35

Target

0bd6d5c9273a3bdc46dbdbd816940a84.exe
Size

31KB
MD5

0bd6d5c9273a3bdc46dbdbd816940a84
SHA1

28c3e832651ed18858cdb7be81ba7bc8893a3a5a
SHA256

33fa387857766596127e8df07718310cb14d95355eec15b5c7980a355d6a7450
SHA512

5574c4125256435edf3eeb0bfa37ca95f51cc9663985f78a449eba0dd18bd45315692fb8e3683f051144ed85482eddaf58fe5aadfcde0fc027b7a9be09f3a3e8
SSDEEP

768:JRFSsBYw3PlLjM868R8Z8s888m8E8QvF7I+qJj8aUJNGtkqsN4NOnCQsEyfyPiF+:ln/Mzq+5hRpfvF7I+KQau+VNOnjsEyXY

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2472 set thread context of 2148	2472	0bd6d5c9273a3bdc46dbdbd816940a84.exe	28

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2148	0bd6d5c9273a3bdc46dbdbd816940a84.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2148	2472	0bd6d5c9273a3bdc46dbdbd816940a84.exe	28
PID 2472 wrote to memory of 2148	2472	0bd6d5c9273a3bdc46dbdbd816940a84.exe	28
PID 2472 wrote to memory of 2148	2472	0bd6d5c9273a3bdc46dbdbd816940a84.exe	28
PID 2472 wrote to memory of 2148	2472	0bd6d5c9273a3bdc46dbdbd816940a84.exe	28
PID 2472 wrote to memory of 2148	2472	0bd6d5c9273a3bdc46dbdbd816940a84.exe	28
PID 2472 wrote to memory of 2148	2472	0bd6d5c9273a3bdc46dbdbd816940a84.exe	28
PID 2472 wrote to memory of 2148	2472	0bd6d5c9273a3bdc46dbdbd816940a84.exe	28
PID 2472 wrote to memory of 2148	2472	0bd6d5c9273a3bdc46dbdbd816940a84.exe	28
PID 2472 wrote to memory of 2148	2472	0bd6d5c9273a3bdc46dbdbd816940a84.exe	28
PID 2472 wrote to memory of 2148	2472	0bd6d5c9273a3bdc46dbdbd816940a84.exe	28

C:\Users\Admin\AppData\Local\Temp\0bd6d5c9273a3bdc46dbdbd816940a84.exe
"C:\Users\Admin\AppData\Local\Temp\0bd6d5c9273a3bdc46dbdbd816940a84.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2472
- \??\c:\users\admin\appdata\local\temp\0bd6d5c9273a3bdc46dbdbd816940a84.exe
  "c:\users\admin\appdata\local\temp\0bd6d5c9273a3bdc46dbdbd816940a84.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2148

C:\Users\Admin\AppData\Local\Temp\~!#A900.tmp

Filesize
213KB

MD5
9755e89b54605c611b36866e2f4ee46b

SHA1
ad6f53c1af9151ec13dedb0f7fe91d712681d277

SHA256
3dfa81adddeadfc535fa8820fe2047d244d41e03f93ef2add34ba8fc9889f0cb

SHA512
624a4585c4d279fa1471e3918efd72909ebbe0d49f27375f50bb7b22124929fa49fe3be096da5b9c8e4868c61d4b51350cddb749a1ff64c0bafd0b21cbdf2fe1

Download Submit
memory/2148-0-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2148-2-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2148-4-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2148-6-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2148-8-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2148-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2148-12-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2148-13-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2148-29-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download