f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0

Analysis

max time kernel
123s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 02:52

Target

f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0.exe
Size

708KB
MD5

671dcd27fabf7f0458e43da9a5b06870
SHA1

cdb70478bed9109583d165078042843b42992c77
SHA256

f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0
SHA512

4f5de22ea615b7c4bed04195928ab8063b58b21bf479f2ad318ffbedf80b3c06c425b4dcacdef2a4d6e448f2ddcd5a6c173ce080a6ba6371715008df28b4defc
SSDEEP

12288:MiU7lPe0TqxzDpATHAdurQ4I/zTXJ7z3zjPES0T2P9mzZ0M9CUr0SB31:Q1e0OBWTgEHIr97Xj8S0Tw6ZmUT

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2460 set thread context of 2640	2460	f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0.exe	30

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2460	f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2460	f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2640	2460	f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0.exe	30
PID 2460 wrote to memory of 2640	2460	f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0.exe	30
PID 2460 wrote to memory of 2640	2460	f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0.exe	30
PID 2460 wrote to memory of 2640	2460	f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0.exe	30

C:\Users\Admin\AppData\Local\Temp\f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0.exe
"C:\Users\Admin\AppData\Local\Temp\f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Users\Admin\AppData\Local\Temp\f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0.exe
  C:\Users\Admin\AppData\Local\Temp\f4c4c88d6647d1f4f382b003321acc27d98996f0f541c0bfb9affdf4992fecc0.exe
  2⤵
  PID:2640

memory/2460-0-0x000000013F970000-0x000000013FA22000-memory.dmp

Filesize
712KB

Download
memory/2460-1-0x000007FEF6020000-0x000007FEF6A0C000-memory.dmp

Filesize
9.9MB

Download
memory/2460-2-0x000000001B2C0000-0x000000001B340000-memory.dmp

Filesize
512KB

Download
memory/2460-3-0x0000000000770000-0x000000000078A000-memory.dmp

Filesize
104KB

Download
memory/2460-4-0x0000000000790000-0x00000000007A2000-memory.dmp

Filesize
72KB

Download
memory/2460-5-0x0000000000A20000-0x0000000000A30000-memory.dmp

Filesize
64KB

Download
memory/2460-6-0x000000001BF30000-0x000000001BFB0000-memory.dmp

Filesize
512KB

Download
memory/2460-10-0x000007FEF6020000-0x000007FEF6A0C000-memory.dmp

Filesize
9.9MB

Download
memory/2640-7-0x000007FFFFFD7000-0x000007FFFFFD8000-memory.dmp

Filesize
4KB

Download