Analysis
max time kernel: 118s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 08/01/2024, 04:16
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 4a6a3aa303751be208ad65a1ac13d5c4.exe
Resource: win7-20231215-en
4 signatures
150 seconds

Behavioral task: behavioral2
Sample: 4a6a3aa303751be208ad65a1ac13d5c4.exe
Resource: win10v2004-20231215-en
0 signatures
150 seconds
General
Target: 4a6a3aa303751be208ad65a1ac13d5c4.exe
Size: 29KB
MD5: 4a6a3aa303751be208ad65a1ac13d5c4
SHA1: acf9fa59608b627dd05c0cc8894d46eba2259eeb
SHA256: 21fca80a9980d06932af850e21a712ae0ecc46d24c18f123f1fd952c1870265a
SHA512: 23f02c0d9caf0657d0e25755bef5b66d6b8cd2ae0aa0f6c41811fb166ac52e27665289850d56e94203e76f01dce25d123988be7c4ffca1dc67cbd9fcfc8ac7b2
SSDEEP: 384:4TiKknWU8kRW24Lr8ln4eh5V+MQE+yWJ4Cz0DX76jYWXGABVCEhi8K8WPT:HKk8kULan//EM/RWJWDX7MYtS
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (1 IoCs)
pid   Process
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
Suspicious behavior: MapViewOfSection (21 IoCs)
pid   Process
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description              pid   Process
Token: SeDebugPrivilege  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description                      pid   Process                               procid_target
PID 2640 wrote to memory of 372  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  5
PID 2640 wrote to memory of 372  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  5
PID 2640 wrote to memory of 372  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  5
PID 2640 wrote to memory of 372  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  5
PID 2640 wrote to memory of 372  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  5
PID 2640 wrote to memory of 372  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  5
PID 2640 wrote to memory of 372  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  5
PID 2640 wrote to memory of 388  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  4
PID 2640 wrote to memory of 388  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  4
PID 2640 wrote to memory of 388  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  4
PID 2640 wrote to memory of 388  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  4
PID 2640 wrote to memory of 388  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  4
PID 2640 wrote to memory of 388  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  4
PID 2640 wrote to memory of 388  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  4
PID 2640 wrote to memory of 424  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  3
PID 2640 wrote to memory of 424  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  3
PID 2640 wrote to memory of 424  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  3
PID 2640 wrote to memory of 424  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  3
PID 2640 wrote to memory of 424  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  3
PID 2640 wrote to memory of 424  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  3
PID 2640 wrote to memory of 424  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  3
PID 2640 wrote to memory of 468  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  2
PID 2640 wrote to memory of 468  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  2
PID 2640 wrote to memory of 468  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  2
PID 2640 wrote to memory of 468  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  2
PID 2640 wrote to memory of 468  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  2
PID 2640 wrote to memory of 468  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  2
PID 2640 wrote to memory of 468  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  2
PID 2640 wrote to memory of 484  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  1
PID 2640 wrote to memory of 484  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  1
PID 2640 wrote to memory of 484  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  1
PID 2640 wrote to memory of 484  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  1
PID 2640 wrote to memory of 484  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  1
PID 2640 wrote to memory of 484  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  1
PID 2640 wrote to memory of 484  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  1
PID 2640 wrote to memory of 492  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  8
PID 2640 wrote to memory of 492  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  8
PID 2640 wrote to memory of 492  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  8
PID 2640 wrote to memory of 492  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  8
PID 2640 wrote to memory of 492  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  8
PID 2640 wrote to memory of 492  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  8
PID 2640 wrote to memory of 492  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  8
PID 2640 wrote to memory of 600  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  27
PID 2640 wrote to memory of 600  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  27
PID 2640 wrote to memory of 600  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  27
PID 2640 wrote to memory of 600  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  27
PID 2640 wrote to memory of 600  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  27
PID 2640 wrote to memory of 600  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  27
PID 2640 wrote to memory of 600  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  27
PID 2640 wrote to memory of 680  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  26
PID 2640 wrote to memory of 680  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  26
PID 2640 wrote to memory of 680  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  26
PID 2640 wrote to memory of 680  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  26
PID 2640 wrote to memory of 680  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  26
PID 2640 wrote to memory of 680  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  26
PID 2640 wrote to memory of 680  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  26
PID 2640 wrote to memory of 748  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  25
PID 2640 wrote to memory of 748  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  25
PID 2640 wrote to memory of 748  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  25
PID 2640 wrote to memory of 748  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  25
PID 2640 wrote to memory of 748  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  25
PID 2640 wrote to memory of 748  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  25
PID 2640 wrote to memory of 748  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  25
PID 2640 wrote to memory of 820  2640  4a6a3aa303751be208ad65a1ac13d5c4.exe  9
Processes
- C:\Windows\system32\lsass.exe (PID:484)
  command line: C:\Windows\system32\lsass.exe
- C:\Windows\system32\services.exe (PID:468)
  command line: C:\Windows\system32\services.exe
  - C:\Windows\System32\svchost.exe (PID:820)
    command line: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    - C:\Windows\system32\Dwm.exe (PID:1376)
      command line: "C:\Windows\system32\Dwm.exe"
  - C:\Windows\system32\svchost.exe (PID:1004)
    command line: C:\Windows\system32\svchost.exe -k LocalService
  - C:\Windows\system32\svchost.exe (PID:1040)
    command line: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
  - C:\Windows\system32\svchost.exe (PID:1888)
    command line: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
  - C:\Windows\system32\sppsvc.exe (PID:2004)
    command line: C:\Windows\system32\sppsvc.exe
  - C:\Windows\system32\taskhost.exe (PID:1276)
    command line: "taskhost.exe"
  - C:\Windows\System32\spoolsv.exe (PID:308)
    command line: C:\Windows\System32\spoolsv.exe
  - C:\Windows\system32\svchost.exe (PID:332)
    command line: C:\Windows\system32\svchost.exe -k NetworkService
  - C:\Windows\system32\svchost.exe (PID:860)
    command line: C:\Windows\system32\svchost.exe -k netsvcs
  - C:\Windows\System32\svchost.exe (PID:748)
    command line: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  - C:\Windows\system32\svchost.exe (PID:680)
    command line: C:\Windows\system32\svchost.exe -k RPCSS
  - C:\Windows\system32\svchost.exe (PID:600)
    command line: C:\Windows\system32\svchost.exe -k DcomLaunch
- C:\Windows\system32\winlogon.exe (PID:424)
  command line: winlogon.exe
- C:\Windows\system32\csrss.exe (PID:388)
  command line: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
- C:\Windows\system32\wininit.exe (PID:372)
  command line: wininit.exe
  - C:\Windows\system32\lsm.exe (PID:492)
    command line: C:\Windows\system32\lsm.exe
- C:\Windows\Explorer.EXE (PID:1420)
  command line: C:\Windows\Explorer.EXE
  - C:\Users\Admin\AppData\Local\Temp\4a6a3aa303751be208ad65a1ac13d5c4.exe (PID:2640)
    command line: "C:\Users\Admin\AppData\Local\Temp\4a6a3aa303751be208ad65a1ac13d5c4.exe"
    signatures:
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
- C:\Windows\system32\DllHost.exe (PID:1720)
  command line: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}