211aa8f15a37e6d2244b4a9b2d1c5494b9826f0cc469372873659485ec1087a5

Analysis

max time kernel
47s
max time network
17s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 13:42

Target

ProcessStealth.exe
Size

60KB
MD5

8dd3f6b32f9f7cd335c90439ba34ea2e
SHA1

f0567a5331efd8ba685bfd1a56f56868198382ca
SHA256

211aa8f15a37e6d2244b4a9b2d1c5494b9826f0cc469372873659485ec1087a5
SHA512

c8416415552cc7d89b770a1305d56289ef1f1b1c7f4852ea7d1dd81697fc681f8b175cfe915804b0ad2faeb30195b0cae2cb3dcbdc5e413faae7e12e97e9f33f
SSDEEP

768:n4NdQTHZPkKaYOlkfEqTIYv4gKNwFPFceMpaSIhkqe7+JD:nodiTEqTIm4gKN2PFNYaBEED

Score

1^/10

Suspicious behavior: EnumeratesProcesses 36 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1768	taskmgr.exe

Suspicious use of FindShellTrayWindow 46 IoCs

Suspicious use of SendNotifyMessage 46 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 1200	2112	ProcessStealth.exe	29
PID 2112 wrote to memory of 1200	2112	ProcessStealth.exe	29
PID 2112 wrote to memory of 1200	2112	ProcessStealth.exe	29

C:\Users\Admin\AppData\Local\Temp\ProcessStealth.exe
"C:\Users\Admin\AppData\Local\Temp\ProcessStealth.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:1200

memory/1768-1-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1768-2-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1768-5-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2112-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2112-4-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download