de553ee7fcb8a84844e1f3117857d191ea2bd55cab550aea334a18b31a9238bb

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abce65a225a4a867b3a21d42a998332a.exe
Size

1.6MB
MD5

abce65a225a4a867b3a21d42a998332a
SHA1

e1a8f550c517421231f1535a3664c7e18603ffc7
SHA256

de553ee7fcb8a84844e1f3117857d191ea2bd55cab550aea334a18b31a9238bb
SHA512

08927aa662b8cc588e49a4879d323fea65b95ceb568b03d7d2eee35dd473a46cee6a2a608208946f9c3d4ced6d74d257c3a5121d9d629d9186ff9ce728e1bc40
SSDEEP

24576:F+uaW5oaXpcB7mVSaccPuvcd5OGQT/1/0nS+7n4SYwqK4zf3RTsAHWAgqChJ+hug:cCiecylJAVwe5NQuiNB/e

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2252	abce65a225a4a867b3a21d42a998332a.exe
2252	abce65a225a4a867b3a21d42a998332a.exe
2252	abce65a225a4a867b3a21d42a998332a.exe
2252	abce65a225a4a867b3a21d42a998332a.exe
2252	abce65a225a4a867b3a21d42a998332a.exe
2252	abce65a225a4a867b3a21d42a998332a.exe
2252	abce65a225a4a867b3a21d42a998332a.exe
2252	abce65a225a4a867b3a21d42a998332a.exe
2252	abce65a225a4a867b3a21d42a998332a.exe
2252	abce65a225a4a867b3a21d42a998332a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2252	abce65a225a4a867b3a21d42a998332a.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2644	2252	abce65a225a4a867b3a21d42a998332a.exe	34
PID 2252 wrote to memory of 2644	2252	abce65a225a4a867b3a21d42a998332a.exe	34
PID 2252 wrote to memory of 2644	2252	abce65a225a4a867b3a21d42a998332a.exe	34
PID 2252 wrote to memory of 2644	2252	abce65a225a4a867b3a21d42a998332a.exe	34
PID 2252 wrote to memory of 2648	2252	abce65a225a4a867b3a21d42a998332a.exe	33
PID 2252 wrote to memory of 2648	2252	abce65a225a4a867b3a21d42a998332a.exe	33
PID 2252 wrote to memory of 2648	2252	abce65a225a4a867b3a21d42a998332a.exe	33
PID 2252 wrote to memory of 2648	2252	abce65a225a4a867b3a21d42a998332a.exe	33
PID 2252 wrote to memory of 2524	2252	abce65a225a4a867b3a21d42a998332a.exe	32
PID 2252 wrote to memory of 2524	2252	abce65a225a4a867b3a21d42a998332a.exe	32
PID 2252 wrote to memory of 2524	2252	abce65a225a4a867b3a21d42a998332a.exe	32
PID 2252 wrote to memory of 2524	2252	abce65a225a4a867b3a21d42a998332a.exe	32
PID 2252 wrote to memory of 2592	2252	abce65a225a4a867b3a21d42a998332a.exe	31
PID 2252 wrote to memory of 2592	2252	abce65a225a4a867b3a21d42a998332a.exe	31
PID 2252 wrote to memory of 2592	2252	abce65a225a4a867b3a21d42a998332a.exe	31
PID 2252 wrote to memory of 2592	2252	abce65a225a4a867b3a21d42a998332a.exe	31
PID 2252 wrote to memory of 2480	2252	abce65a225a4a867b3a21d42a998332a.exe	30
PID 2252 wrote to memory of 2480	2252	abce65a225a4a867b3a21d42a998332a.exe	30
PID 2252 wrote to memory of 2480	2252	abce65a225a4a867b3a21d42a998332a.exe	30
PID 2252 wrote to memory of 2480	2252	abce65a225a4a867b3a21d42a998332a.exe	30

C:\Users\Admin\AppData\Local\Temp\abce65a225a4a867b3a21d42a998332a.exe
"C:\Users\Admin\AppData\Local\Temp\abce65a225a4a867b3a21d42a998332a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Users\Admin\AppData\Local\Temp\abce65a225a4a867b3a21d42a998332a.exe
  "C:\Users\Admin\AppData\Local\Temp\abce65a225a4a867b3a21d42a998332a.exe"
  2⤵
  PID:2480
- C:\Users\Admin\AppData\Local\Temp\abce65a225a4a867b3a21d42a998332a.exe
  "C:\Users\Admin\AppData\Local\Temp\abce65a225a4a867b3a21d42a998332a.exe"
  2⤵
  PID:2592
- C:\Users\Admin\AppData\Local\Temp\abce65a225a4a867b3a21d42a998332a.exe
  "C:\Users\Admin\AppData\Local\Temp\abce65a225a4a867b3a21d42a998332a.exe"
  2⤵
  PID:2524
- C:\Users\Admin\AppData\Local\Temp\abce65a225a4a867b3a21d42a998332a.exe
  "C:\Users\Admin\AppData\Local\Temp\abce65a225a4a867b3a21d42a998332a.exe"
  2⤵
  PID:2648
- C:\Users\Admin\AppData\Local\Temp\abce65a225a4a867b3a21d42a998332a.exe
  "C:\Users\Admin\AppData\Local\Temp\abce65a225a4a867b3a21d42a998332a.exe"
  2⤵
  PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2252-0-0x00000000002A0000-0x0000000000436000-memory.dmp

Filesize
1.6MB

Download
memory/2252-1-0x0000000074730000-0x0000000074E1E000-memory.dmp

Filesize
6.9MB

Download
memory/2252-2-0x0000000002120000-0x0000000002160000-memory.dmp

Filesize
256KB

Download
memory/2252-3-0x0000000000710000-0x0000000000746000-memory.dmp

Filesize
216KB

Download
memory/2252-4-0x0000000074730000-0x0000000074E1E000-memory.dmp

Filesize
6.9MB

Download
memory/2252-5-0x0000000002120000-0x0000000002160000-memory.dmp

Filesize
256KB

Download
memory/2252-6-0x00000000052D0000-0x000000000534A000-memory.dmp

Filesize
488KB

Download
memory/2252-8-0x0000000074730000-0x0000000074E1E000-memory.dmp

Filesize
6.9MB

Download
memory/2252-7-0x0000000002040000-0x000000000207E000-memory.dmp

Filesize
248KB

Download