Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 30/01/2024, 10:24
Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: 8231a3d38bc7b4d80468f51b116054c8.exe
Resource: win7-20231215-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 8231a3d38bc7b4d80468f51b116054c8.exe
Resource: win10v2004-20231215-en
12 signatures, 150 seconds
General
Target: 8231a3d38bc7b4d80468f51b116054c8.exe
Size: 1003KB
MD5: 8231a3d38bc7b4d80468f51b116054c8
SHA1: 3e8a9a6daf2aee6fd2c23cade11f9e60bab26e3a
SHA256: 09d451633478aca81c8f4c945059160bd9f45fc415e013b1e71f5a07bd865127
SHA512: 655711c12025172079ea0b07b0c3177004d56d378d1148e5ac6e0c569a46a38958a530b0a26214fa840248df06d98f9c3872e08245e85bd095f7a782d3fdd8a3
SSDEEP: 24576:9HNiHXt734s2lrIrxT7ZhNlT7dkcOs/h/0S/:9tiHXtDImhX7ecOs/h/0S
Score: 1/10
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
2036  8231a3d38bc7b4d80468f51b116054c8.exe   (this row is reported 10 times)

Suspicious use of AdjustPrivilegeToken (1 IoC)
description               pid   Process
Token: SeDebugPrivilege   2036  8231a3d38bc7b4d80468f51b116054c8.exe

Suspicious use of WriteProcessMemory (20 IoCs; each row below is reported 4 times)
description                       pid   Process                                procid_target
PID 2036 wrote to memory of 2676  2036  8231a3d38bc7b4d80468f51b116054c8.exe   30
PID 2036 wrote to memory of 2616  2036  8231a3d38bc7b4d80468f51b116054c8.exe   31
PID 2036 wrote to memory of 2736  2036  8231a3d38bc7b4d80468f51b116054c8.exe   32
PID 2036 wrote to memory of 2564  2036  8231a3d38bc7b4d80468f51b116054c8.exe   33
PID 2036 wrote to memory of 2572  2036  8231a3d38bc7b4d80468f51b116054c8.exe   34
Processes

1. C:\Users\Admin\AppData\Local\Temp\8231a3d38bc7b4d80468f51b116054c8.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\8231a3d38bc7b4d80468f51b116054c8.exe"
   PID: 2036
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\8231a3d38bc7b4d80468f51b116054c8.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\8231a3d38bc7b4d80468f51b116054c8.exe"
      PID: 2676

   2. C:\Users\Admin\AppData\Local\Temp\8231a3d38bc7b4d80468f51b116054c8.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\8231a3d38bc7b4d80468f51b116054c8.exe"
      PID: 2616

   2. C:\Users\Admin\AppData\Local\Temp\8231a3d38bc7b4d80468f51b116054c8.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\8231a3d38bc7b4d80468f51b116054c8.exe"
      PID: 2736

   2. C:\Users\Admin\AppData\Local\Temp\8231a3d38bc7b4d80468f51b116054c8.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\8231a3d38bc7b4d80468f51b116054c8.exe"
      PID: 2564

   2. C:\Users\Admin\AppData\Local\Temp\8231a3d38bc7b4d80468f51b116054c8.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\8231a3d38bc7b4d80468f51b116054c8.exe"
      PID: 2572