Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
12-02-2024 15:09
Behavioral task
behavioral1
Sample
bT5b.exe
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
bT5b.exe
Resource
win10v2004-20231215-en
2 signatures
150 seconds
General
-
Target
bT5b.exe
-
Size
32KB
-
MD5
287fbbbc69050158902e5a297a4693bf
-
SHA1
ac8fea9c0d591a0dc8d46e6e1450e79697c62596
-
SHA256
7d86de2d2e6cd118653666fd446f52370e890e3f72ba30de620abdea1f514822
-
SHA512
a22cf7084ff85567bc482b7da5cf8cd2d78c4b5653c1b87cc23ad3cf1330b836f87300a84fb67a34177a15179ad21218b296c5a35b79fe5b43725cb77e74ea3e
-
SSDEEP
384:Q0bUe5XB4e0X7OZOiaXLilpknDAWTEtTUFQqz9eObbG:VT9BuCjaXWlZwbG
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 21 IoCs
Processes: bT5b.exe
description                         pid   process
Token: SeDebugPrivilege             2804  bT5b.exe
Token: 33                           2804  bT5b.exe
Token: SeIncBasePriorityPrivilege   2804  bT5b.exe
(the last two entries alternate and are repeated 10 times, giving 21 IoCs in total; "33" is the raw privilege LUID the sandbox could not resolve to a name, which in winnt.h is SE_INC_WORKING_SET_PRIVILEGE, i.e. SeIncreaseWorkingSetPrivilege) -
Suspicious use of WriteProcessMemory 4 IoCs
Processes: bT5b.exe
description                        pid   process    target process
PID 2804 wrote to memory of 1628   2804  bT5b.exe   cmd.exe
(the same entry is recorded 4 times)
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\bT5b.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\bT5b.exe"
   PID: 2804
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\bT5b.exe"
      PID: 1628
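The only behaviour this report actually records is a self-deletion chain: the sample (PID 2804) spawns a 32-bit cmd.exe (note the SysWOW64 path on an x64 image) whose command line waits and then runs Del against the sample's own image path. The /N /D Y /T 1 switches are the ones choice.exe uses for a timed default answer, which is the usual way such a one-liner delays the delete by a second so the parent has exited and its file is no longer locked; the report line as extracted does not show the choice token itself, so treat that as an interpretation. The example below is added here and is not the sandbox's own detection code. It models the process tree as constructed Sysmon-style process-creation records (parent PID 1000 and the third, benign control event are assumed values not present in the report) and flags any cmd.exe child whose del/erase target equals its parent's image path, reporting whether a delay idiom precedes the delete.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """One process-creation record (Sysmon EID 1 / ETW style)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed sample events modelled on the process tree in this report:
# PID 2804 (bT5b.exe) spawning PID 1628 (cmd.exe). The parent PID 1000 and
# the third event (an unrelated parent deleting a log file, used as a benign
# control case) are assumptions, not data from the report.
SAMPLE_EVENTS = [
    ProcEvent(2804, 1000, r"C:\Users\Admin\AppData\Local\Temp\bT5b.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\bT5b.exe"'),
    ProcEvent(1628, 2804, r"C:\Windows\SysWOW64\cmd.exe",
              r'cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\bT5b.exe"'),
    ProcEvent(3100, 2200, r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c del /q "C:\Users\Admin\AppData\Local\Temp\build.log"'),
]

_TOKEN_RE = re.compile(r'"[^"]*"|\S+')               # quoted path or bare word
_SEGMENT_RE = re.compile(r"\s*(?:&&|\|\||&|\|)\s*")  # cmd.exe command separators
# Delay idioms that precede the delete: choice/timeout/ping/sleep as the
# segment's command, or a /T <seconds> timeout switch (used by choice and timeout).
_DELAY_RE = re.compile(r"^(?:choice|timeout|ping|sleep)\b|/T\s*\d+", re.IGNORECASE)


def _norm(path: str) -> str:
    """Case-insensitive, unquoted form of a Windows path for comparison."""
    return path.strip('"').lower()


def deletion_targets(cmdline: str) -> list:
    """Return the paths passed to del/erase anywhere in a cmd.exe command line."""
    targets = []
    for segment in _SEGMENT_RE.split(cmdline):
        tokens = [t.strip('"') for t in _TOKEN_RE.findall(segment)]
        lowered = [t.lower() for t in tokens]
        for verb in ("del", "erase"):
            if verb in lowered:
                # everything after the verb that is not a switch is a target
                targets.extend(t for t in tokens[lowered.index(verb) + 1:]
                               if not t.startswith("/"))
                break
    return targets


def has_delay(cmdline: str) -> bool:
    """True if any command segment is a timed wait before the delete."""
    return any(_DELAY_RE.search(seg) for seg in _SEGMENT_RE.split(cmdline))


def find_self_delete(events) -> list:
    """Flag cmd.exe children whose del target is the parent's own image path."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        if not ev.image.lower().endswith("\\cmd.exe"):
            continue
        parent = by_pid.get(ev.ppid)
        if parent is None:
            continue  # parent not in the capture; nothing to compare against
        for target in deletion_targets(ev.cmdline):
            if _norm(target) == _norm(parent.image):
                findings.append({
                    "child_pid": ev.pid,
                    "parent_pid": parent.pid,
                    "parent_image": parent.image,
                    "delayed": has_delay(ev.cmdline),
                })
    return findings


if __name__ == "__main__":
    for f in find_self_delete(SAMPLE_EVENTS):
        print(f"self-delete: PID {f['parent_pid']} ({f['parent_image']}) "
              f"via cmd.exe PID {f['child_pid']}, delayed={f['delayed']}")
```

Matching on the parent's image path rather than on a fixed string keeps the rule independent of the sample's name or drop directory, and the benign control event shows that an ordinary del of an unrelated file is not reported. The delay flag is worth keeping as a separate field: a delete with no wait in front of it is far more often a legitimate cleanup step than a self-removal.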