4e32e4d62180dede1cf54d34399adf7fb06464604842d6551ba3d2077ce6d5c8

Analysis

max time kernel
17s
max time network
19s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-03-2024 11:21

Target

sekmeme olta/sekmemeotoayar.bat
Size

12KB
MD5

b585b6ebb583d11eebb2ff5392d27724
SHA1

98e215b33ee123d0f3e1d9ca88af3d6ea2c89a3c
SHA256

a3a60d095e054a2fb6b951cb499df5bae45d6c4361cd9c3a338a61690e388ea1
SHA512

ce07e1daeec628ef391c0b11d6240e9606c8440d3cf09217b81788e7d0de5ecdbd66653a57276d6c3731523c6a64ac921b5e870386b571828d201f86481496c3
SSDEEP

384:1bvuYOOQ1CvlyejVghBYjiVKRq5aixzorf9BLEHQ:1bXf8oKK80ixuUHQ

Score

10^/10

Language

ps1

Source

URLs

exe.dropper

https://cdn.discordapp.com/attachments/1167569425721995295/1167776678743908422/Exela.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

2860 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 2860 powershell.exe

pid	process
2860	powershell.exe

description	pid	process
Token: SeDebugPrivilege	2860	powershell.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2804 wrote to memory of 2632	2804	cmd.exe	fsutil.exe
PID 2804 wrote to memory of 2632	2804	cmd.exe	fsutil.exe
PID 2804 wrote to memory of 2632	2804	cmd.exe	fsutil.exe
PID 2804 wrote to memory of 2860	2804	cmd.exe	powershell.exe
PID 2804 wrote to memory of 2860	2804	cmd.exe	powershell.exe
PID 2804 wrote to memory of 2860	2804	cmd.exe	powershell.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\sekmeme olta\sekmemeotoayar.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2804

memory/2860-4-0x000000001B3D0000-0x000000001B6B2000-memory.dmp

Filesize
2.9MB

Download
memory/2860-5-0x0000000002360000-0x0000000002368000-memory.dmp

Filesize
32KB

Download
memory/2860-6-0x000007FEF57A0000-0x000007FEF613D000-memory.dmp

Filesize
9.6MB

Download
memory/2860-7-0x00000000026D0000-0x0000000002750000-memory.dmp

Filesize
512KB

Download
memory/2860-8-0x00000000026D0000-0x0000000002750000-memory.dmp

Filesize
512KB

Download
memory/2860-9-0x000007FEF57A0000-0x000007FEF613D000-memory.dmp

Filesize
9.6MB

Download
memory/2860-10-0x00000000026D0000-0x0000000002750000-memory.dmp

Filesize
512KB

Download
memory/2860-11-0x000007FEF57A0000-0x000007FEF613D000-memory.dmp

Filesize
9.6MB

Download