cab0fbe0e31af603ceb54ea7e21af9fcc3d01158251670a67f9181224810c1f9

Analysis

max time kernel
93s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 16:15

Target

8753fd0f95dd863e8466319c025f3cab.exe
Size

24KB
MD5

8753fd0f95dd863e8466319c025f3cab
SHA1

4fc2700a5c35dfd25b95c0657bd1f25f941a1486
SHA256

cab0fbe0e31af603ceb54ea7e21af9fcc3d01158251670a67f9181224810c1f9
SHA512

496a6450a5d776eec9f7ce784963c183c984b25c62550a1f83c5b9403781d90bf062232d23ea2b3d2fc75df627a37b53a3d5a92f36849921cde56b641d3afcba
SSDEEP

384:2ddmAkbFyDXnxRCDogW/8AoW0fQFxH/f4kVdjaLacmkC0GJsJxXSdqWxDEWl:RVbFmhQDoqA6fQFxfftjaLacmkLGK+3

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\systemInfomations.ini	8753fd0f95dd863e8466319c025f3cab.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	explorer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1440	8753fd0f95dd863e8466319c025f3cab.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 3236	1440	8753fd0f95dd863e8466319c025f3cab.exe	85
PID 1440 wrote to memory of 3236	1440	8753fd0f95dd863e8466319c025f3cab.exe	85

C:\Users\Admin\AppData\Local\Temp\8753fd0f95dd863e8466319c025f3cab.exe
"C:\Users\Admin\AppData\Local\Temp\8753fd0f95dd863e8466319c025f3cab.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Windows\explorer.exe
  C:\Windows\explorer.exe
  2⤵
  - Modifies registry class
  PID:3236