5970b0a4aeafae6167a664217cf597daf7ef3a333c6a1c8e916e5f39263b4ce8

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b8f82354c7f3f877a5b12564ef324c2.exe
Size

7.9MB
MD5

0b8f82354c7f3f877a5b12564ef324c2
SHA1

d697ce9a609a95548c72129ad31749e99a8b8fd2
SHA256

5970b0a4aeafae6167a664217cf597daf7ef3a333c6a1c8e916e5f39263b4ce8
SHA512

2e2d7b2d276b05aa0339f1c69c71c2f1bb35e543a9fb33a7956f465fe1b6db8c94c449d5cabc78e6ceb9f470e1caed15dcf5f8d5516b91112dd1dde685470345
SSDEEP

196608:1qCQ/HzjC/x0hcR0AlW648X0JBjxaOjpEpPPiT9xHApJYith:sG/9/lQ8X0JBjEPgxgpJYa

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2212	0b8f82354c7f3f877a5b12564ef324c2.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2720	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	28
PID 2212 wrote to memory of 2720	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	28
PID 2212 wrote to memory of 2720	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	28
PID 2212 wrote to memory of 2720	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	28
PID 2212 wrote to memory of 2592	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	33
PID 2212 wrote to memory of 2592	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	33
PID 2212 wrote to memory of 2592	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	33
PID 2212 wrote to memory of 2592	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	33
PID 2212 wrote to memory of 2228	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	32
PID 2212 wrote to memory of 2228	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	32
PID 2212 wrote to memory of 2228	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	32
PID 2212 wrote to memory of 2228	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	32
PID 2212 wrote to memory of 2792	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	34
PID 2212 wrote to memory of 2792	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	34
PID 2212 wrote to memory of 2792	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	34
PID 2212 wrote to memory of 2792	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	34
PID 2212 wrote to memory of 2924	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	37
PID 2212 wrote to memory of 2924	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	37
PID 2212 wrote to memory of 2924	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	37
PID 2212 wrote to memory of 2924	2212	0b8f82354c7f3f877a5b12564ef324c2.exe	37

C:\Users\Admin\AppData\Local\Temp\0b8f82354c7f3f877a5b12564ef324c2.exe
"C:\Users\Admin\AppData\Local\Temp\0b8f82354c7f3f877a5b12564ef324c2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\arp.exe
  "C:\Windows\System32\arp.exe" -a
  2⤵
  PID:2720
- C:\Windows\SysWOW64\arp.exe
  "C:\Windows\System32\arp.exe" -a
  2⤵
  PID:2228
- C:\Windows\SysWOW64\arp.exe
  "C:\Windows\System32\arp.exe" -a
  2⤵
  PID:2592
- C:\Windows\SysWOW64\arp.exe
  "C:\Windows\System32\arp.exe" -a
  2⤵
  PID:2792
- C:\Windows\SysWOW64\arp.exe
  "C:\Windows\System32\arp.exe" -a
  2⤵
  PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CabA0B4.tmp

Filesize
54KB

MD5
2d97d62c9747a130b0013329a1f87a35

SHA1
057a6edbe4ab475d4e6ac2c8d10d91ea2be083bf

SHA256
a5c35cb12ca5fbf351ef23e0a0e7981b2711a6242ac6bac64678dc1a357caae0

SHA512
0f81f42d2f0bf6c9bdc115254556ab46611b3d71f43b3cc3f3f018b603f2fd79b74d694123cf240ae1c41fbb9a2f044ea456c1da9ee82388660f68f235fae082

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA0F6.tmp

Filesize
54KB

MD5
0665c6668563479424942b62dbf9e52d

SHA1
aff19cc6691b84401d08d5920cc5b5af1f0b3956

SHA256
e3901ce4dadb2391d909680a83d735a892cafdf5f251ceb1f0301b0ea202c88b

SHA512
b6cb351fba358a012644891c9a536f8d1999a50c57ff8922d4fc864f10bdbb8d2df8cff0e557444606ab8da7fb52377b73d3f58d3eabcd6143d7fe9aa58c6f5f

Download Submit
memory/2212-0-0x0000000074C50000-0x000000007533E000-memory.dmp

Filesize
6.9MB

Download
memory/2212-1-0x0000000000130000-0x000000000091E000-memory.dmp

Filesize
7.9MB

Download
memory/2212-2-0x0000000008480000-0x0000000008C12000-memory.dmp

Filesize
7.6MB

Download
memory/2212-3-0x0000000004FA0000-0x0000000004FE0000-memory.dmp

Filesize
256KB

Download
memory/2212-4-0x0000000074C50000-0x000000007533E000-memory.dmp

Filesize
6.9MB

Download
memory/2212-5-0x0000000004FA0000-0x0000000004FE0000-memory.dmp

Filesize
256KB

Download
memory/2212-7-0x0000000000C90000-0x0000000000C9A000-memory.dmp

Filesize
40KB

Download
memory/2212-6-0x0000000000C90000-0x0000000000C9A000-memory.dmp

Filesize
40KB

Download
memory/2212-42-0x0000000074C50000-0x000000007533E000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads