Analysis
max time kernel: 118s
max time network: 124s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 19-02-2024 17:08
Behavioral task: behavioral1
Sample: bTDk.exe
Resource: win7-20231215-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: bTDk.exe
Resource: win10v2004-20231215-en
2 signatures
150 seconds
General
Target: bTDk.exe
Size: 32KB
MD5: 7699a1f8463d4e48b20d720f8f794dbc
SHA1: 7cee32f7a24224f3ee107b632447589e41c22dc2
SHA256: 3f24a0243264894973daaddd665b311850024f99a47f935ca6ecba0d95f5f283
SHA512: 00c520107dfa5a8510e0c7c16f94bec02131fc3a3270d8af40769534781a2f75362f66b5f7897d9efbe770dcb3916f31e513ee0a24e891c7683a1d5d9306c713
SSDEEP: 384:z0bUe5XB4e0XppOjfrw0Q0mS03AWTxtTUFQqzFTObb9:gT9BuGj855dlb9
Score: 1/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (5 IoCs)
Processes:
  description                         pid   process
  Token: SeDebugPrivilege             2644  bTDk.exe
  Token: 33                           2644  bTDk.exe
  Token: SeIncBasePriorityPrivilege   2644  bTDk.exe
  Token: 33                           2644  bTDk.exe
  Token: SeIncBasePriorityPrivilege   2644  bTDk.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                      pid   process    target process
  PID 2644 wrote to memory of 2852  2644  bTDk.exe   cmd.exe
  PID 2644 wrote to memory of 2852  2644  bTDk.exe   cmd.exe
  PID 2644 wrote to memory of 2852  2644  bTDk.exe   cmd.exe
  PID 2644 wrote to memory of 2852  2644  bTDk.exe   cmd.exe
Processes
C:\Users\Admin\AppData\Local\Temp\bTDk.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\bTDk.exe"
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  PID: 2644
  C:\Windows\SysWOW64\cmd.exe
    command line: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\Admin\AppData\Local\Temp\bTDk.exe"
    PID: 2852