Analysis
- max time kernel: 88s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 16:02
Static task: static1
- 1 signatures
Behavioral task: behavioral1
- Sample: 74ec412ac4abbd35368a12eac7086cd6.exe
- Resource: win7-20231215-en (windows7-x64)
- 2 signatures
- 150 seconds
General
- Target: 74ec412ac4abbd35368a12eac7086cd6.exe
- Size: 7KB
- MD5: 74ec412ac4abbd35368a12eac7086cd6
- SHA1: 9d0e3748d8268ab097071e6c31bf1535e6a0c931
- SHA256: 9a246e698694816a9552c58e4fbf66fdd5ed036bfcf82f3446f44b4029e452e4
- SHA512: 362118f49c50765eebab41e0e272508ed9c8fb0eb6b70a6e4290f057fd2afe6c9d7837a739cf54cea663e48e5737489fe560ede6e02c871efa6a11401ef81706
- SSDEEP: 192:oXcoDse8RvzZPPZf5EoV6oaO3HcXlicF:aDseGvp5V6oaQHcbF
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
    pid   process
    1356  74ec412ac4abbd35368a12eac7086cd6.exe
    1356  74ec412ac4abbd35368a12eac7086cd6.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
    description  pid   process
    Token: 0     1356  74ec412ac4abbd35368a12eac7086cd6.exe
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes:
    description                        pid   process                                target process
    PID 1356 wrote to memory of 3452   1356  74ec412ac4abbd35368a12eac7086cd6.exe  Explorer.EXE
    PID 1356 wrote to memory of 3452   1356  74ec412ac4abbd35368a12eac7086cd6.exe  Explorer.EXE
    PID 1356 wrote to memory of 3452   1356  74ec412ac4abbd35368a12eac7086cd6.exe  Explorer.EXE
    PID 1356 wrote to memory of 3452   1356  74ec412ac4abbd35368a12eac7086cd6.exe  Explorer.EXE
    PID 1356 wrote to memory of 3452   1356  74ec412ac4abbd35368a12eac7086cd6.exe  Explorer.EXE
    PID 1356 wrote to memory of 3452   1356  74ec412ac4abbd35368a12eac7086cd6.exe  Explorer.EXE
    PID 1356 wrote to memory of 3452   1356  74ec412ac4abbd35368a12eac7086cd6.exe  Explorer.EXE
    PID 1356 wrote to memory of 3452   1356  74ec412ac4abbd35368a12eac7086cd6.exe  Explorer.EXE
    PID 1356 wrote to memory of 3452   1356  74ec412ac4abbd35368a12eac7086cd6.exe  Explorer.EXE
    PID 1356 wrote to memory of 3452   1356  74ec412ac4abbd35368a12eac7086cd6.exe  Explorer.EXE
    PID 1356 wrote to memory of 3452   1356  74ec412ac4abbd35368a12eac7086cd6.exe  Explorer.EXE
Processes
- Depth 1: C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 3452
  - Depth 2: C:\Users\Admin\AppData\Local\Temp\74ec412ac4abbd35368a12eac7086cd6.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\74ec412ac4abbd35368a12eac7086cd6.exe"
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID: 1356