1784104251a6aad4fadec7f1b67be15cb2929e5c9603b89c5deb8a4572e91c26

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:01

Target

37172b307d3cccbaaaf3a7f9cb220e1a.exe
Size

411KB
MD5

37172b307d3cccbaaaf3a7f9cb220e1a
SHA1

1182a6567de056be7f65c715915a324f737332a1
SHA256

1784104251a6aad4fadec7f1b67be15cb2929e5c9603b89c5deb8a4572e91c26
SHA512

1da3d04227732e7da5f43b5b16c8acb2cacbd421d95a278f3908f75c22578613816ba14ce8128aa4b3087f192c1fb9e4da0dcc64f1f8424272e69e15fdfefe96
SSDEEP

12288:kJ5gKRm0UBj5jprWAnUXpOQyOzQCKFb9PBBo:66KRxgjprWGUXpg+KFbZB

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2988	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	25
PID 2372 wrote to memory of 2988	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	25
PID 2372 wrote to memory of 2988	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	25
PID 2372 wrote to memory of 2036	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	24
PID 2372 wrote to memory of 2036	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	24
PID 2372 wrote to memory of 2036	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	24
PID 2372 wrote to memory of 3040	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	23
PID 2372 wrote to memory of 3040	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	23
PID 2372 wrote to memory of 3040	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	23
PID 2372 wrote to memory of 960	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	22
PID 2372 wrote to memory of 960	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	22
PID 2372 wrote to memory of 960	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	22
PID 2372 wrote to memory of 3052	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	21
PID 2372 wrote to memory of 3052	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	21
PID 2372 wrote to memory of 3052	2372	37172b307d3cccbaaaf3a7f9cb220e1a.exe	21

C:\Users\Admin\AppData\Local\Temp\37172b307d3cccbaaaf3a7f9cb220e1a.exe
"C:\Users\Admin\AppData\Local\Temp\37172b307d3cccbaaaf3a7f9cb220e1a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\37172b307d3cccbaaaf3a7f9cb220e1a.exe
  "C:\Users\Admin\AppData\Local\Temp\37172b307d3cccbaaaf3a7f9cb220e1a.exe"
  2⤵
  PID:3052
- C:\Users\Admin\AppData\Local\Temp\37172b307d3cccbaaaf3a7f9cb220e1a.exe
  "C:\Users\Admin\AppData\Local\Temp\37172b307d3cccbaaaf3a7f9cb220e1a.exe"
  2⤵
  PID:960
- C:\Users\Admin\AppData\Local\Temp\37172b307d3cccbaaaf3a7f9cb220e1a.exe
  "C:\Users\Admin\AppData\Local\Temp\37172b307d3cccbaaaf3a7f9cb220e1a.exe"
  2⤵
  PID:3040
- C:\Users\Admin\AppData\Local\Temp\37172b307d3cccbaaaf3a7f9cb220e1a.exe
  "C:\Users\Admin\AppData\Local\Temp\37172b307d3cccbaaaf3a7f9cb220e1a.exe"
  2⤵
  PID:2036
- C:\Users\Admin\AppData\Local\Temp\37172b307d3cccbaaaf3a7f9cb220e1a.exe
  "C:\Users\Admin\AppData\Local\Temp\37172b307d3cccbaaaf3a7f9cb220e1a.exe"
  2⤵
  PID:2988

memory/2372-0-0x0000000000A50000-0x0000000000ABE000-memory.dmp

Filesize
440KB

Download
memory/2372-1-0x000007FEF58F0000-0x000007FEF62DC000-memory.dmp

Filesize
9.9MB

Download
memory/2372-4-0x000007FEF58F0000-0x000007FEF62DC000-memory.dmp

Filesize
9.9MB

Download
memory/2372-3-0x000000001B240000-0x000000001B2C0000-memory.dmp

Filesize
512KB

Download
memory/2372-2-0x00000000001C0000-0x00000000001D4000-memory.dmp

Filesize
80KB

Download