878587d598082b8b08cb2419c970da6fe12a244497f482b8de35eac472534b18

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-03-2024 14:09

Target

becdae057b41fee5dcec3e033690cd85.exe
Size

13KB
MD5

becdae057b41fee5dcec3e033690cd85
SHA1

aa4a65329625b6470e0850eb663e914de31f7741
SHA256

878587d598082b8b08cb2419c970da6fe12a244497f482b8de35eac472534b18
SHA512

9ac09238a6eab853e07aba5c4337b7e73e2724ccb67ccef7832d8e94a604e86d978a1f6e0c56714d839c8c68e67c7231e20b548df0bba917f4cc312a638a477e
SSDEEP

384:+xyPqksZTpXh1aokOsOzt2GpO/6R5Nj+SzOCJdIqCmKA:fqRSokOsmljV+zCHIqZKA

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ldBB05.tmp	becdae057b41fee5dcec3e033690cd85.exe
File opened for modification	C:\Windows\SysWOW64\ldBB05.tmp	becdae057b41fee5dcec3e033690cd85.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2996	becdae057b41fee5dcec3e033690cd85.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2996	becdae057b41fee5dcec3e033690cd85.exe

Suspicious use of WriteProcessMemory 1 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 420	2996	becdae057b41fee5dcec3e033690cd85.exe	5

memory/420-2-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download