Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
05-01-2024 03:25
Behavioral task
behavioral1
Sample
zzhx3xgq.exe
Resource
win7-20231215-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
zzhx3xgq.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
zzhx3xgq.exe
-
Size
1.5MB
-
MD5
a3e3d841cd7044897873378317693fdb
-
SHA1
80cbd7b77b0bedaa0f1cb80c007a45d84f5b0079
-
SHA256
89f4c5f07cb75c9a8859ffae41aadd4aa7da2fdea29e1241805a01ce317ca186
-
SHA512
9141fe371c73552bfba2412a2b9f3bed0ca7674da591b9fc0115dbc5d2a5b1439516d6b0dc7aefda1e03925adc894a29ef0179d7e65ca80afecbb43c8e96f1fd
-
SSDEEP
24576:Zrayc157T3W5JNaWm8oeGFhNzu60gDS0QOOuHbJ7mcx:ZcbQNA8oFFDD00QMHV7mcx
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe 5088 zzhx3xgq.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 5088 zzhx3xgq.exe