8a7f86b57cf7de891468746ab4616fffa6b8fb70f53f079e6fccf48a4a701ac8 | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 04:10

Sharing

Report Analysis Logs

General

Target

a2dfb11d5570bb50f0f7d36f74df0d80.exe
Size

96KB
MD5

a2dfb11d5570bb50f0f7d36f74df0d80
SHA1

9e8a78eaae633a42f3b0b0e9c6320c81f8c00b4a
SHA256

8a7f86b57cf7de891468746ab4616fffa6b8fb70f53f079e6fccf48a4a701ac8
SHA512

e2a89ac39ef0c179fa9718c794bf41832a4df789aabb80107d9d44781fd6a32df7065da23ffc638a05b48ab5dbb4ef8ab2fa8ae4c72b0b9ccd888a44fe80d906
SSDEEP

1536:bLCUIbeNvSivPN9j7R6Zj+wOeLM9vC6oLjpudn:6UIbetjxxoHC

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3008	cmd.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	2884	a2dfb11d5570bb50f0f7d36f74df0d80.exe
Token: SeRestorePrivilege	2884	a2dfb11d5570bb50f0f7d36f74df0d80.exe
Token: SeBackupPrivilege	2884	a2dfb11d5570bb50f0f7d36f74df0d80.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2884	a2dfb11d5570bb50f0f7d36f74df0d80.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 3008	2884	a2dfb11d5570bb50f0f7d36f74df0d80.exe	28
PID 2884 wrote to memory of 3008	2884	a2dfb11d5570bb50f0f7d36f74df0d80.exe	28
PID 2884 wrote to memory of 3008	2884	a2dfb11d5570bb50f0f7d36f74df0d80.exe	28
PID 2884 wrote to memory of 3008	2884	a2dfb11d5570bb50f0f7d36f74df0d80.exe	28

C:\Users\Admin\AppData\Local\Temp\a2dfb11d5570bb50f0f7d36f74df0d80.exe
"C:\Users\Admin\AppData\Local\Temp\a2dfb11d5570bb50f0f7d36f74df0d80.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\A2DFB1~1.EXE
  2⤵
  - Deletes itself
  PID:3008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2884-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2884-1-0x0000000000020000-0x0000000000038000-memory.dmp

Filesize
96KB

Download
memory/2884-2-0x0000000000020000-0x0000000000038000-memory.dmp

Filesize
96KB

Download
memory/2884-5-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download