26a771ec1b7159b3009984f59822620ba5bcd2a675e290a1334ff3a2536ae5ea

Analysis

max time kernel
155s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 14:37

Target

b8f7f1c3cb54dd98956cfade0d5b02a6.exe
Size

336KB
MD5

b8f7f1c3cb54dd98956cfade0d5b02a6
SHA1

802cedcb7f89c6df1dc1bd36ace24c66474cd0ab
SHA256

26a771ec1b7159b3009984f59822620ba5bcd2a675e290a1334ff3a2536ae5ea
SHA512

2f9f862f39bb8a1cf87f44a848bb2e8b12f56215643e3643b6e08278023c9195356dd030f2ddbb304149887958925e5b1fb8d0f2a8ff51dd2b0ee8f84d14b0ae
SSDEEP

6144:ENr04w8GJEotOrtacrFhqxvtiIZTYix3BuYBIbgmOTd3w:ENr04rnrtacrnnOTYi3B+gmO53

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1360	X

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1360	X
1360	X

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	116	b8f7f1c3cb54dd98956cfade0d5b02a6.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3360	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 1360	116	b8f7f1c3cb54dd98956cfade0d5b02a6.exe	99
PID 116 wrote to memory of 1360	116	b8f7f1c3cb54dd98956cfade0d5b02a6.exe	99
PID 1360 wrote to memory of 3360	1360	X	57

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious use of UnmapMainImage
PID:3360
- C:\Users\Admin\AppData\Local\Temp\b8f7f1c3cb54dd98956cfade0d5b02a6.exe
  "C:\Users\Admin\AppData\Local\Temp\b8f7f1c3cb54dd98956cfade0d5b02a6.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:116
- - C:\Users\Admin\AppData\Local\9fc7b2d2\X
    193.105.154.210:80
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3688 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:748

C:\Users\Admin\AppData\Local\9fc7b2d2\X

Filesize
41KB

MD5
686b479b0ee164cf1744a8be359ebb7d

SHA1
8615e8f967276a85110b198d575982a958581a07

SHA256
fcfbb4c648649f4825b66504b261f912227ba32cbaabcadf4689020a83fb201b

SHA512
7ed8022e2b09f232150b77fc3a25269365b624f19f0b50c46a4fdf744eeb23294c09c051452c4c9dbb34a274f1a0bfc54b3ff1987ec16ae2e54848e22a97ed64

Download Submit
memory/116-1-0x0000000000400000-0x000000000045C8E4-memory.dmp

Filesize
370KB

Download
memory/116-2-0x00000000009A0000-0x0000000000AA0000-memory.dmp

Filesize
1024KB

Download
memory/116-9-0x0000000000400000-0x000000000045C8E4-memory.dmp

Filesize
370KB

Download
memory/116-11-0x00000000009A0000-0x0000000000AA0000-memory.dmp

Filesize
1024KB

Download
memory/116-12-0x0000000000400000-0x000000000045C8E4-memory.dmp

Filesize
370KB

Download
memory/3360-8-0x0000000001230000-0x0000000001238000-memory.dmp

Filesize
32KB

Download