b7ccec50e3c33b3bbab4dd330ebe3677c069954ef176b5b4cb30030c6cd5b84d

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 15:08

Target

7d4b83377ff4bedd7d8b4995ad3f47d4.exe
Size

356KB
MD5

7d4b83377ff4bedd7d8b4995ad3f47d4
SHA1

831c96814ea7dedc5a275d45be98d5427044f9ee
SHA256

b7ccec50e3c33b3bbab4dd330ebe3677c069954ef176b5b4cb30030c6cd5b84d
SHA512

c680a0c9c7b87932c8dd8da54120760d7c45e7a367bc8d76a56f85d17116a1c391cc0d0d057600f681c27d444a9984699c106118c69c205f2a9b21a4cf43d94d
SSDEEP

3072:+wizJkDX1lHFduu7olifm5HzepQ2Cfm5HzepQ29fm5Hze8l1:nX6ei2A6ei2Z6e

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4068	7d4b83377ff4bedd7d8b4995ad3f47d4.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 472	4068	7d4b83377ff4bedd7d8b4995ad3f47d4.exe	79
PID 4068 wrote to memory of 472	4068	7d4b83377ff4bedd7d8b4995ad3f47d4.exe	79
PID 4068 wrote to memory of 472	4068	7d4b83377ff4bedd7d8b4995ad3f47d4.exe	79
PID 4068 wrote to memory of 2900	4068	7d4b83377ff4bedd7d8b4995ad3f47d4.exe	85
PID 4068 wrote to memory of 2900	4068	7d4b83377ff4bedd7d8b4995ad3f47d4.exe	85
PID 4068 wrote to memory of 2900	4068	7d4b83377ff4bedd7d8b4995ad3f47d4.exe	85
PID 4068 wrote to memory of 1996	4068	7d4b83377ff4bedd7d8b4995ad3f47d4.exe	87
PID 4068 wrote to memory of 1996	4068	7d4b83377ff4bedd7d8b4995ad3f47d4.exe	87
PID 4068 wrote to memory of 1996	4068	7d4b83377ff4bedd7d8b4995ad3f47d4.exe	87

C:\Users\Admin\AppData\Local\Temp\7d4b83377ff4bedd7d8b4995ad3f47d4.exe
"C:\Users\Admin\AppData\Local\Temp\7d4b83377ff4bedd7d8b4995ad3f47d4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Windows\SysWOW64\arp.exe
  "C:\Windows\System32\arp.exe" -a
  2⤵
  PID:472
- C:\Windows\SysWOW64\arp.exe
  "C:\Windows\System32\arp.exe" -a
  2⤵
  PID:2900
- C:\Windows\SysWOW64\arp.exe
  "C:\Windows\System32\arp.exe" -a
  2⤵
  PID:1996

memory/4068-0-0x0000000000180000-0x00000000001E0000-memory.dmp

Filesize
384KB

Download
memory/4068-1-0x0000000074980000-0x0000000075130000-memory.dmp

Filesize
7.7MB

Download
memory/4068-2-0x0000000005250000-0x00000000057F4000-memory.dmp

Filesize
5.6MB

Download
memory/4068-3-0x0000000004BF0000-0x0000000004C82000-memory.dmp

Filesize
584KB

Download
memory/4068-4-0x0000000004E10000-0x0000000004E20000-memory.dmp

Filesize
64KB

Download
memory/4068-5-0x0000000074980000-0x0000000075130000-memory.dmp

Filesize
7.7MB

Download