3adc37c2b59ec1d722cd9f1171ab01a4865637b60fd61f116734ad6f092c72f5

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 19:07

Target

3adc37c2b59ec1d722cd9f1171ab01a4865637b60fd61f116734ad6f092c72f5.exe
Size

172KB
MD5

9b0ea22741d34c7ab4dbddf775b68f95
SHA1

5bd9aec81a5de0ca2e993f88c82b590fc091c58b
SHA256

3adc37c2b59ec1d722cd9f1171ab01a4865637b60fd61f116734ad6f092c72f5
SHA512

95442afe89f61383fd3b24a2cf17368d9fdd5e352e54b3f6fdb1855ebfc94f42986d35fd5f01a7e6bf5e0ca56b5a5d6d443b661500f0d862493c21a5d21f7bea
SSDEEP

3072:uoUvg4fqjO00Yhxumzc6QIFqC067xd8xYCXE:uojV0YHzc6QIFqCNFd8X0

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2528	ydvbdjf.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\ydvbdjf.exe	3adc37c2b59ec1d722cd9f1171ab01a4865637b60fd61f116734ad6f092c72f5.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2528	ydvbdjf.exe
Token: SeDebugPrivilege	1368	Explorer.EXE

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2856	3adc37c2b59ec1d722cd9f1171ab01a4865637b60fd61f116734ad6f092c72f5.exe
2528	ydvbdjf.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2528	2880	taskeng.exe	29
PID 2880 wrote to memory of 2528	2880	taskeng.exe	29
PID 2880 wrote to memory of 2528	2880	taskeng.exe	29
PID 2880 wrote to memory of 2528	2880	taskeng.exe	29
PID 2528 wrote to memory of 1368	2528	ydvbdjf.exe	21

C:\Windows\system32\taskeng.exe
taskeng.exe {E121E592-91B3-411A-9887-5C210B8912EC} S-1-5-21-1650401615-1019878084-3673944445-1000:UADPPTXT\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\PROGRA~3\Mozilla\ydvbdjf.exe
  C:\PROGRA~3\Mozilla\ydvbdjf.exe -smqpfhe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:2528

C:\PROGRA~3\Mozilla\ydvbdjf.exe

Filesize
172KB

MD5
3caec2bfd1aa026c69c7e031c9e686b6

SHA1
c28ef447cb1c30d3900106a5c57e2a48a2ecada3

SHA256
6b7c6b4e14611b6fcc7cd1b47328efbd66e1846b516152db23f62f4578e7bbde

SHA512
dc15e29875f891f190ef67f29e20abd05891d0ccad23404500e85e386747e22edc02d2e63fe47cb9433c27cf0178268970c396a01c96058cbe1d5b416c499a7d

Download Submit
memory/1368-8-0x0000000002670000-0x000000000268C000-memory.dmp

Filesize
112KB

Download
memory/1368-10-0x0000000002670000-0x000000000268C000-memory.dmp

Filesize
112KB

Download
memory/2528-6-0x00000000002C0000-0x000000000031F000-memory.dmp

Filesize
380KB

Download
memory/2528-7-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2528-12-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2856-0-0x0000000001C90000-0x0000000001CEF000-memory.dmp

Filesize
380KB

Download
memory/2856-1-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2856-3-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download