91458a459b5d3b70f7fbf38506d16114d30c55851991a5dc7837e394a8b3f1e5

Analysis

max time kernel
142s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 02:01

Target

85a2e8b031052691aba3256a82bc4eab.exe
Size

8KB
MD5

85a2e8b031052691aba3256a82bc4eab
SHA1

0781146ae4a9a2b826ab4f0ca7b6e940ccdc2e26
SHA256

91458a459b5d3b70f7fbf38506d16114d30c55851991a5dc7837e394a8b3f1e5
SHA512

91f30f3f34733683cee2e74a0ce62502a294bf8e7503deb6b0ffe4328a2ad04e4e4d0aa2b85058e944a96b50f8e83bd93ca4bc697a48e2bc88cec8cc9ad1e8bc
SSDEEP

192:AeWvuWvAPZodl6STyRcQJCKb2R1GY5X7h8B4LUSZ7vegQg6l:AeWvuWvAPZo76NRtrKNZ7h88U07vLQgc

Score

4^/10

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Internet Explorer\yt8a.exe	85a2e8b031052691aba3256a82bc4eab.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\yt8a.exe	85a2e8b031052691aba3256a82bc4eab.exe
File created	C:\Program Files (x86)\NetMeeting\Isinter.gif	85a2e8b031052691aba3256a82bc4eab.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1944	85a2e8b031052691aba3256a82bc4eab.exe
Token: SeIncBasePriorityPrivilege	1944	85a2e8b031052691aba3256a82bc4eab.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1944	85a2e8b031052691aba3256a82bc4eab.exe

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VC31Q9\q[1].htm

Filesize
34B

MD5
e810047182af18c69834d89aef3cbbad

SHA1
b2324598e603b6aed2b191c50eacb5ecb9b81744

SHA256
5f3ae942fa25dae8fea11bfe5a7dd6f1b41ecbc71a2256e7f0299221c300dca7

SHA512
97684327d460831be382f81b0c1d9f42013f3125c846482582f920af9b213d9749fc91735179840f11feb68bf7e42dd37a9c54509acaf8488826cafd6eed634d

Download Submit
memory/1944-4-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download