1e3dedc43019f6188bfe32d181b15a341067ea5bba96c6d9c8c32e7cd644b02c

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 04:41

Target

7c2e90eae04afb2cde1e195a9c4ac9ab.exe
Size

208KB
MD5

7c2e90eae04afb2cde1e195a9c4ac9ab
SHA1

d59484aef721b2fb5e3bdc70875079a556b97097
SHA256

1e3dedc43019f6188bfe32d181b15a341067ea5bba96c6d9c8c32e7cd644b02c
SHA512

59db9ed60409b69ef85c59c09ed60933fcb2d140317ff458f8f7888d2a646de35a4da7780ef8dee61f878496d214231c21849103208f5856848f8d1f57f6778a
SSDEEP

3072:2/SpUqrqYrpWzaMTp2Bb0cbe2cE7Wq7octKT/1XZD+xdcmH9ttBRAtRW0ccK:xUWpCHTps0+vcE7G9XZD+xdcmnqtguK

Score

7^/10

Deletes itself 1 IoCs

pid	Process
4536	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3428 set thread context of 4536	3428	7c2e90eae04afb2cde1e195a9c4ac9ab.exe	87

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3428	7c2e90eae04afb2cde1e195a9c4ac9ab.exe
3428	7c2e90eae04afb2cde1e195a9c4ac9ab.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3428	7c2e90eae04afb2cde1e195a9c4ac9ab.exe
Token: SeDebugPrivilege	3428	7c2e90eae04afb2cde1e195a9c4ac9ab.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3428 wrote to memory of 4536	3428	7c2e90eae04afb2cde1e195a9c4ac9ab.exe	87
PID 3428 wrote to memory of 4536	3428	7c2e90eae04afb2cde1e195a9c4ac9ab.exe	87
PID 3428 wrote to memory of 4536	3428	7c2e90eae04afb2cde1e195a9c4ac9ab.exe	87
PID 3428 wrote to memory of 4536	3428	7c2e90eae04afb2cde1e195a9c4ac9ab.exe	87

C:\Users\Admin\AppData\Local\Temp\7c2e90eae04afb2cde1e195a9c4ac9ab.exe
"C:\Users\Admin\AppData\Local\Temp\7c2e90eae04afb2cde1e195a9c4ac9ab.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe"
  2⤵
  - Deletes itself
  PID:4536

memory/3428-0-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/3428-1-0x0000000030670000-0x00000000306BF000-memory.dmp

Filesize
316KB

Download
memory/3428-2-0x0000000030670000-0x00000000306BF000-memory.dmp

Filesize
316KB

Download
memory/3428-4-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/3428-3-0x00000000006B0000-0x00000000006FF000-memory.dmp

Filesize
316KB

Download
memory/3428-5-0x0000000030670000-0x00000000306BF000-memory.dmp

Filesize
316KB

Download
memory/3428-7-0x0000000030670000-0x00000000306BF000-memory.dmp

Filesize
316KB

Download