54ee7b847a08798ab0a6caab6ab09319ab9c65f9c33db98d31b7b49e7c0bd481

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cd4af2b3c6350169e79d64ea25cef55.exe
Size

76KB
MD5

7cd4af2b3c6350169e79d64ea25cef55
SHA1

2072a2ffd9b204beace69ab0a239972ade17920b
SHA256

54ee7b847a08798ab0a6caab6ab09319ab9c65f9c33db98d31b7b49e7c0bd481
SHA512

f89e64f5f6fea7715286a9d17d09c017f2032e4ff3b85e513c5652c5352560c5c8e5a7dbbe2274e19c8cb85dbafc8b06ed08d9ecdff6de12b0c687ce9ce926ad
SSDEEP

1536:TEVMuKKiBPM1zB5v9jN0X72LpDP6ZPI1iexmVEgWortvVx5hjOyVTpuj/L:sMdKiepnfjkbx5hjOyVTQL

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2216	7cd4af2b3c6350169e79d64ea25cef55.exe

Suspicious behavior: MapViewOfSection 21 IoCs

pid	Process
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe
2216	7cd4af2b3c6350169e79d64ea25cef55.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2216	7cd4af2b3c6350169e79d64ea25cef55.exe

Suspicious use of WriteProcessMemory 63 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 388	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	25
PID 2216 wrote to memory of 388	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	25
PID 2216 wrote to memory of 388	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	25
PID 2216 wrote to memory of 400	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	24
PID 2216 wrote to memory of 400	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	24
PID 2216 wrote to memory of 400	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	24
PID 2216 wrote to memory of 436	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	23
PID 2216 wrote to memory of 436	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	23
PID 2216 wrote to memory of 436	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	23
PID 2216 wrote to memory of 480	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	22
PID 2216 wrote to memory of 480	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	22
PID 2216 wrote to memory of 480	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	22
PID 2216 wrote to memory of 496	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	21
PID 2216 wrote to memory of 496	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	21
PID 2216 wrote to memory of 496	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	21
PID 2216 wrote to memory of 504	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	20
PID 2216 wrote to memory of 504	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	20
PID 2216 wrote to memory of 504	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	20
PID 2216 wrote to memory of 612	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	19
PID 2216 wrote to memory of 612	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	19
PID 2216 wrote to memory of 612	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	19
PID 2216 wrote to memory of 688	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	18
PID 2216 wrote to memory of 688	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	18
PID 2216 wrote to memory of 688	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	18
PID 2216 wrote to memory of 768	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	17
PID 2216 wrote to memory of 768	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	17
PID 2216 wrote to memory of 768	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	17
PID 2216 wrote to memory of 836	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	16
PID 2216 wrote to memory of 836	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	16
PID 2216 wrote to memory of 836	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	16
PID 2216 wrote to memory of 880	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	14
PID 2216 wrote to memory of 880	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	14
PID 2216 wrote to memory of 880	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	14
PID 2216 wrote to memory of 1008	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	12
PID 2216 wrote to memory of 1008	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	12
PID 2216 wrote to memory of 1008	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	12
PID 2216 wrote to memory of 360	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	11
PID 2216 wrote to memory of 360	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	11
PID 2216 wrote to memory of 360	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	11
PID 2216 wrote to memory of 352	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	10
PID 2216 wrote to memory of 352	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	10
PID 2216 wrote to memory of 352	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	10
PID 2216 wrote to memory of 1036	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	9
PID 2216 wrote to memory of 1036	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	9
PID 2216 wrote to memory of 1036	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	9
PID 2216 wrote to memory of 1256	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	8
PID 2216 wrote to memory of 1256	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	8
PID 2216 wrote to memory of 1256	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	8
PID 2216 wrote to memory of 1332	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	1
PID 2216 wrote to memory of 1332	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	1
PID 2216 wrote to memory of 1332	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	1
PID 2216 wrote to memory of 1368	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	7
PID 2216 wrote to memory of 1368	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	7
PID 2216 wrote to memory of 1368	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	7
PID 2216 wrote to memory of 872	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	5
PID 2216 wrote to memory of 872	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	5
PID 2216 wrote to memory of 872	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	5
PID 2216 wrote to memory of 3068	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	4
PID 2216 wrote to memory of 3068	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	4
PID 2216 wrote to memory of 3068	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	4
PID 2216 wrote to memory of 2872	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	3
PID 2216 wrote to memory of 2872	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	3
PID 2216 wrote to memory of 2872	2216	7cd4af2b3c6350169e79d64ea25cef55.exe	3

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1332

C:\Windows\system32\sppsvc.exe
C:\Windows\system32\sppsvc.exe
1⤵
PID:2872

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
1⤵
PID:3068

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:872

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1368
- C:\Users\Admin\AppData\Local\Temp\7cd4af2b3c6350169e79d64ea25cef55.exe
  "C:\Users\Admin\AppData\Local\Temp\7cd4af2b3c6350169e79d64ea25cef55.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2216

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1256

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
1⤵
PID:1036

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:352

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService
1⤵
PID:360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService
1⤵
PID:1008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs
1⤵
PID:880

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
1⤵
PID:836

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
1⤵
PID:768

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k RPCSS
1⤵
PID:688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
1⤵
PID:612

C:\Windows\system32\lsm.exe
C:\Windows\system32\lsm.exe
1⤵
PID:504

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:496

C:\Windows\system32\services.exe
C:\Windows\system32\services.exe
1⤵
PID:480

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:436

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:400

C:\Windows\system32\wininit.exe
wininit.exe
1⤵
PID:388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2216-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2216-2-0x0000000076F0F000-0x0000000076F10000-memory.dmp

Filesize
4KB

Download
memory/2216-1-0x0000000076F10000-0x0000000076F11000-memory.dmp

Filesize
4KB

Download
memory/2216-3-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download