a5bb3fc7347500fdf5a8fa486ea1293ddbd5eede0b8ac4d62337a72a3dc7fc13

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 10:14

Target

cb2565dfc73e2a2b547c0a54d085910f.exe
Size

169KB
MD5

cb2565dfc73e2a2b547c0a54d085910f
SHA1

9e0b1b632765a2de3fea2a44436530746436bbe9
SHA256

a5bb3fc7347500fdf5a8fa486ea1293ddbd5eede0b8ac4d62337a72a3dc7fc13
SHA512

25762d3d6b18d563e2de7731d4b976534ea10d28a9902a1c4be4687402dcef944757f045954b9863c86f8366f96efc23f1a227da888f3c18fb77d10f8a52077e
SSDEEP

3072:UaGzQ7lmDUW0WysPk89b4Gj/UUjvPxD8emb3mQCijrevizW96h3dekuNLEEsrg+:mzQhmD5fLoUrxDdmynn6zbluqLx

Score

1^/10

Kills process with taskkill 1 IoCs

evasion

pid	Process
220	taskkill.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	220	taskkill.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 64 wrote to memory of 220	64	cb2565dfc73e2a2b547c0a54d085910f.exe	89
PID 64 wrote to memory of 220	64	cb2565dfc73e2a2b547c0a54d085910f.exe	89
PID 64 wrote to memory of 220	64	cb2565dfc73e2a2b547c0a54d085910f.exe	89

C:\Users\Admin\AppData\Local\Temp\cb2565dfc73e2a2b547c0a54d085910f.exe
"C:\Users\Admin\AppData\Local\Temp\cb2565dfc73e2a2b547c0a54d085910f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:64
- C:\Windows\SysWOW64\taskkill.exe
  taskkill -f -im ashMaiSv.exe -im McShield.exe -im oasclnt.exe -im mcagent.exe -im McVSEscn.exe -im mcvsftsn.exe -im Mcdetect.exe -im McTskshd.exe -im mcvsshld.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:220

memory/64-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/64-1-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/64-2-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/64-3-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/64-4-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/64-5-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/64-6-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/64-7-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/64-8-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/64-9-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download
memory/64-10-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/64-11-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/64-12-0x000000007FDF0000-0x000000007FE4C000-memory.dmp

Filesize
368KB

Download