7f4a3ea921540e70fabd10ad63e1bc317b0dd6e003b00344ff67972483b9e999

Analysis

max time kernel
139s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2024 04:17

Target

716d9c46a3a896ff776132ad7b46c3fb.exe
Size

222KB
MD5

716d9c46a3a896ff776132ad7b46c3fb
SHA1

40d6de046d157aff1ed24a4b2a854560eb4aaec5
SHA256

7f4a3ea921540e70fabd10ad63e1bc317b0dd6e003b00344ff67972483b9e999
SHA512

659851eaa0cdf33b1e1b6781c37311969fe3dd081c5b6ea6bf367b6e558138bfbbf7aabe89a1ec2a73b532abb3a81828f2dd84e396cb718ebc81a5a4ae700f05
SSDEEP

6144:dNQqTVl2aZXdbolhwRbgNTrpOE3qUSU32LYTIzqGFkz:dGqTVl2edolK4P3quOYTIqGWz

Score

7^/10

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1832 cmd.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

716d9c46a3a896ff776132ad7b46c3fb.exe

description pid process target process

PID 4740 set thread context of 1832 4740 716d9c46a3a896ff776132ad7b46c3fb.exe cmd.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

716d9c46a3a896ff776132ad7b46c3fb.exe

description pid process

Token: SeDebugPrivilege 4740 716d9c46a3a896ff776132ad7b46c3fb.exe

pid	process
1832	cmd.exe

description	pid	process	target process
PID 4740 set thread context of 1832	4740	716d9c46a3a896ff776132ad7b46c3fb.exe	cmd.exe

description	pid	process
Token: SeDebugPrivilege	4740	716d9c46a3a896ff776132ad7b46c3fb.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

716d9c46a3a896ff776132ad7b46c3fb.exe

description	pid	process	target process
PID 4740 wrote to memory of 1832	4740	716d9c46a3a896ff776132ad7b46c3fb.exe	cmd.exe
PID 4740 wrote to memory of 1832	4740	716d9c46a3a896ff776132ad7b46c3fb.exe	cmd.exe
PID 4740 wrote to memory of 1832	4740	716d9c46a3a896ff776132ad7b46c3fb.exe	cmd.exe
PID 4740 wrote to memory of 1832	4740	716d9c46a3a896ff776132ad7b46c3fb.exe	cmd.exe

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
2⤵
- Deletes itself
PID:1832

memory/4740-0-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/4740-1-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/4740-2-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/4740-3-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/4740-5-0x0000000002124000-0x0000000002125000-memory.dmp

Filesize
4KB

Download
memory/4740-4-0x0000000002120000-0x0000000002184000-memory.dmp

Filesize
400KB

Download
memory/4740-6-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/4740-8-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download