ee8ef58f3bf0dab066eb608cb0f167b1585e166bf4730858961c192860ceffe9

Analysis

max time kernel
118s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 19:27

Target

procmap.exe
Size

13KB
MD5

0c13dfbc137a3bb4cc8da0b6301e9468
SHA1

f2ce29eed4c9f219dab415cf6729ee06c8fcff4d
SHA256

ee8ef58f3bf0dab066eb608cb0f167b1585e166bf4730858961c192860ceffe9
SHA512

e9343db4f416b4428745e57e47626e7ce52a21d0fa904915554fd900bab1b26d49d0f77b74bbf5404ec898b19af2287cdef3ed6b8ccf50760767eb3fc204a895
SSDEEP

192:QtsHSY7oXixkjdJfvW05QcXGDgvf0FT10mMejkksJ1L4NqZ36hrgWZdcFLG0F:QtYT7KoYW52X8TGwPsIN3LcBF

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4116	procmap.exe
Token: SeIncBasePriorityPrivilege	4116	procmap.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 776	4116	procmap.exe	89
PID 4116 wrote to memory of 776	4116	procmap.exe	89
PID 4116 wrote to memory of 776	4116	procmap.exe	89

C:\Users\Admin\AppData\Local\Temp\procmap.exe
"C:\Users\Admin\AppData\Local\Temp\procmap.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c sch.bat
  2⤵
  PID:776

C:\Users\Admin\AppData\Local\Temp\sch.bat

Filesize
35B

MD5
b5ed71cf2c9a612c4f2833ff3845e9b1

SHA1
cc367f726b4b56d1d4c747d15527daccb7de481a

SHA256
577508aceb125af92dd9ffd903fbf62df20c57ca38e8aff196f64efb52dc461d

SHA512
d210b84e6b98874d5c4d2a866a010aaa36fa2b7eefa0c41ae10e0e0530d1a6e25fac3ba54356373916a5df1af593d43052a1f67012ab86e0a71a4b19eb8729a4

Download Submit
memory/4116-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4116-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/4116-6-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download