cfe11346f3a0bba4d3a0c6e55d7df42a14042cde4f49364bacf1a84a9b531627

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 07:41

Target

8e9785ce0b79a233b5523934ca75ee30.exe
Size

45KB
MD5

8e9785ce0b79a233b5523934ca75ee30
SHA1

ac7fb2c303142347c7e91a52a32cea38ed4f5b44
SHA256

cfe11346f3a0bba4d3a0c6e55d7df42a14042cde4f49364bacf1a84a9b531627
SHA512

06011cc76c3138b4dee2fe0d8c04dcd8ff30259d33b863f2d88355b17344efd5ca9001ee1b21733917cd95b4009bb7789445e5aef9b67a87c9880bf8808f06be
SSDEEP

768:5w2AFB4Ox9WfDsTSu8vj5wJhiyLjMCFOB4MTDJuj1IeHy9Ueel0n:58BxwNj2kC2jXJO1ree

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1688	8e9785ce0b79a233b5523934ca75ee30.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1688	8e9785ce0b79a233b5523934ca75ee30.exe
Token: SeSystemtimePrivilege	1688	8e9785ce0b79a233b5523934ca75ee30.exe

Suspicious use of WriteProcessMemory 1 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 1244	1688	8e9785ce0b79a233b5523934ca75ee30.exe	12

memory/1244-1-0x0000000003A50000-0x0000000003A58000-memory.dmp

Filesize
32KB

Download
memory/1688-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1688-2-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download