25e99c1c1030cd854af667f11c00d14e4ea41bbd880d7adb915db4ba612f877d

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-02-2024 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8eaf59b45d941eaa91033e71d0d7ec96.exe
Size

105KB
MD5

8eaf59b45d941eaa91033e71d0d7ec96
SHA1

3a8e8542f192335e0893878b6653adf9d689bf03
SHA256

25e99c1c1030cd854af667f11c00d14e4ea41bbd880d7adb915db4ba612f877d
SHA512

7f600d4edcc2c23202279dc41098688b5dfb5ad0f28cc000424519cc49786af20b8cb7f301b3cc7e335feb2a0eecf791d175de910869418ffdc0ddbce7a3cd5d
SSDEEP

1536:0zqXQhtG/NFXhkUhDOpBla2C/z2YrTqHiU8PCIXTk4DRTSMQRgh0yIjryQpL:jWG/NFFXX7breCFkyRTSllDHyQp

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe

Suspicious behavior: MapViewOfSection 21 IoCs

pid	Process
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe
2220	8eaf59b45d941eaa91033e71d0d7ec96.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 372	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	5
PID 2220 wrote to memory of 372	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	5
PID 2220 wrote to memory of 372	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	5
PID 2220 wrote to memory of 372	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	5
PID 2220 wrote to memory of 372	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	5
PID 2220 wrote to memory of 372	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	5
PID 2220 wrote to memory of 384	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	4
PID 2220 wrote to memory of 384	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	4
PID 2220 wrote to memory of 384	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	4
PID 2220 wrote to memory of 384	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	4
PID 2220 wrote to memory of 384	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	4
PID 2220 wrote to memory of 384	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	4
PID 2220 wrote to memory of 420	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	3
PID 2220 wrote to memory of 420	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	3
PID 2220 wrote to memory of 420	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	3
PID 2220 wrote to memory of 420	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	3
PID 2220 wrote to memory of 420	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	3
PID 2220 wrote to memory of 420	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	3
PID 2220 wrote to memory of 464	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	2
PID 2220 wrote to memory of 464	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	2
PID 2220 wrote to memory of 464	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	2
PID 2220 wrote to memory of 464	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	2
PID 2220 wrote to memory of 464	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	2
PID 2220 wrote to memory of 464	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	2
PID 2220 wrote to memory of 480	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	1
PID 2220 wrote to memory of 480	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	1
PID 2220 wrote to memory of 480	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	1
PID 2220 wrote to memory of 480	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	1
PID 2220 wrote to memory of 480	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	1
PID 2220 wrote to memory of 480	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	1
PID 2220 wrote to memory of 488	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	8
PID 2220 wrote to memory of 488	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	8
PID 2220 wrote to memory of 488	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	8
PID 2220 wrote to memory of 488	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	8
PID 2220 wrote to memory of 488	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	8
PID 2220 wrote to memory of 488	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	8
PID 2220 wrote to memory of 588	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	26
PID 2220 wrote to memory of 588	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	26
PID 2220 wrote to memory of 588	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	26
PID 2220 wrote to memory of 588	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	26
PID 2220 wrote to memory of 588	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	26
PID 2220 wrote to memory of 588	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	26
PID 2220 wrote to memory of 668	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	9
PID 2220 wrote to memory of 668	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	9
PID 2220 wrote to memory of 668	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	9
PID 2220 wrote to memory of 668	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	9
PID 2220 wrote to memory of 668	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	9
PID 2220 wrote to memory of 668	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	9
PID 2220 wrote to memory of 748	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	25
PID 2220 wrote to memory of 748	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	25
PID 2220 wrote to memory of 748	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	25
PID 2220 wrote to memory of 748	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	25
PID 2220 wrote to memory of 748	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	25
PID 2220 wrote to memory of 748	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	25
PID 2220 wrote to memory of 816	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	10
PID 2220 wrote to memory of 816	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	10
PID 2220 wrote to memory of 816	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	10
PID 2220 wrote to memory of 816	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	10
PID 2220 wrote to memory of 816	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	10
PID 2220 wrote to memory of 816	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	10
PID 2220 wrote to memory of 852	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	24
PID 2220 wrote to memory of 852	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	24
PID 2220 wrote to memory of 852	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	24
PID 2220 wrote to memory of 852	2220	8eaf59b45d941eaa91033e71d0d7ec96.exe	24

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:480

C:\Windows\system32\services.exe
C:\Windows\system32\services.exe
1⤵
PID:464
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k RPCSS
  2⤵
  PID:668
- C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
  2⤵
  PID:816
- - C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    3⤵
    PID:1188
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k NetworkService
  2⤵
  PID:280
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
  2⤵
  PID:1036
- C:\Windows\system32\taskhost.exe
  "taskhost.exe"
  2⤵
  PID:1116
- C:\Windows\System32\spoolsv.exe
  C:\Windows\System32\spoolsv.exe
  2⤵
  PID:340
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalService
  2⤵
  PID:964
- C:\Windows\system32\sppsvc.exe
  C:\Windows\system32\sppsvc.exe
  2⤵
  PID:2376
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
  2⤵
  PID:2148
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k netsvcs
  2⤵
  PID:852
- C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  2⤵
  PID:748
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k DcomLaunch
  2⤵
  PID:588

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:420

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:384

C:\Windows\system32\wininit.exe
wininit.exe
1⤵
PID:372
- C:\Windows\system32\lsm.exe
  C:\Windows\system32\lsm.exe
  2⤵
  PID:488

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1264
- C:\Users\Admin\AppData\Local\Temp\8eaf59b45d941eaa91033e71d0d7ec96.exe
  "C:\Users\Admin\AppData\Local\Temp\8eaf59b45d941eaa91033e71d0d7ec96.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2220

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2220-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download