64317045686f2cc6fca84d4b469a5e65f7a48ba8cd2a55817c8040833f42ebf8

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/03/2024, 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0d480d34cdcbaf1e8514e9ae6ff17c8.exe
Size

735KB
MD5

b0d480d34cdcbaf1e8514e9ae6ff17c8
SHA1

6c6e06311c2fc21ada0e6a55dfc6b86e701129b2
SHA256

64317045686f2cc6fca84d4b469a5e65f7a48ba8cd2a55817c8040833f42ebf8
SHA512

6a8b05ba0e4bff2aee18f2d130f3f986f5231786e5bc3ccbb1de508737a4af145fa4f5c1733cbe7dd57e6a9f659f1307d13e641e8a78fa97013b7be1a45d2290
SSDEEP

12288:gD5bqVFsMm0HcN6WgjdyJ/8+LkHAi+nzk7FaZWbA4me6m1Dl5ZFHEXcRIQoovasF:gwVFsMp8NfMEJFaJuzkaWAr9Gl5Z/7oe

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe
2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe
2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe
2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe
2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2500	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	30
PID 2988 wrote to memory of 2500	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	30
PID 2988 wrote to memory of 2500	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	30
PID 2988 wrote to memory of 2500	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	30
PID 2988 wrote to memory of 2596	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	31
PID 2988 wrote to memory of 2596	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	31
PID 2988 wrote to memory of 2596	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	31
PID 2988 wrote to memory of 2596	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	31
PID 2988 wrote to memory of 2884	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	32
PID 2988 wrote to memory of 2884	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	32
PID 2988 wrote to memory of 2884	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	32
PID 2988 wrote to memory of 2884	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	32
PID 2988 wrote to memory of 2964	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	33
PID 2988 wrote to memory of 2964	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	33
PID 2988 wrote to memory of 2964	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	33
PID 2988 wrote to memory of 2964	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	33
PID 2988 wrote to memory of 2888	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	34
PID 2988 wrote to memory of 2888	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	34
PID 2988 wrote to memory of 2888	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	34
PID 2988 wrote to memory of 2888	2988	b0d480d34cdcbaf1e8514e9ae6ff17c8.exe	34

C:\Users\Admin\AppData\Local\Temp\b0d480d34cdcbaf1e8514e9ae6ff17c8.exe
"C:\Users\Admin\AppData\Local\Temp\b0d480d34cdcbaf1e8514e9ae6ff17c8.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Users\Admin\AppData\Local\Temp\b0d480d34cdcbaf1e8514e9ae6ff17c8.exe
  "C:\Users\Admin\AppData\Local\Temp\b0d480d34cdcbaf1e8514e9ae6ff17c8.exe"
  2⤵
  PID:2500
- C:\Users\Admin\AppData\Local\Temp\b0d480d34cdcbaf1e8514e9ae6ff17c8.exe
  "C:\Users\Admin\AppData\Local\Temp\b0d480d34cdcbaf1e8514e9ae6ff17c8.exe"
  2⤵
  PID:2596
- C:\Users\Admin\AppData\Local\Temp\b0d480d34cdcbaf1e8514e9ae6ff17c8.exe
  "C:\Users\Admin\AppData\Local\Temp\b0d480d34cdcbaf1e8514e9ae6ff17c8.exe"
  2⤵
  PID:2884
- C:\Users\Admin\AppData\Local\Temp\b0d480d34cdcbaf1e8514e9ae6ff17c8.exe
  "C:\Users\Admin\AppData\Local\Temp\b0d480d34cdcbaf1e8514e9ae6ff17c8.exe"
  2⤵
  PID:2964
- C:\Users\Admin\AppData\Local\Temp\b0d480d34cdcbaf1e8514e9ae6ff17c8.exe
  "C:\Users\Admin\AppData\Local\Temp\b0d480d34cdcbaf1e8514e9ae6ff17c8.exe"
  2⤵
  PID:2888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2988-0-0x00000000003F0000-0x00000000004AE000-memory.dmp

Filesize
760KB

Download
memory/2988-1-0x0000000074B30000-0x000000007521E000-memory.dmp

Filesize
6.9MB

Download
memory/2988-2-0x0000000004E40000-0x0000000004E80000-memory.dmp

Filesize
256KB

Download
memory/2988-3-0x0000000000640000-0x000000000065A000-memory.dmp

Filesize
104KB

Download
memory/2988-4-0x0000000074B30000-0x000000007521E000-memory.dmp

Filesize
6.9MB

Download
memory/2988-5-0x0000000004E40000-0x0000000004E80000-memory.dmp

Filesize
256KB

Download
memory/2988-6-0x0000000007E90000-0x0000000007F30000-memory.dmp

Filesize
640KB

Download
memory/2988-7-0x00000000020E0000-0x0000000002118000-memory.dmp

Filesize
224KB

Download
memory/2988-8-0x0000000074B30000-0x000000007521E000-memory.dmp

Filesize
6.9MB

Download