22e0b8cb5f0fdfaadf14087c603a92420fcc6e8f3e2578dd9c1ca93e93ee1a86

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-03-2024 04:56

Target

22e0b8cb5f0fdfaadf14087c603a92420fcc6e8f3e2578dd9c1ca93e93ee1a86.exe
Size

363KB
MD5

cccf40863bfb31e52000ac96d51990d1
SHA1

f178e9a9f75fe88914c659bd83543f691d55651d
SHA256

22e0b8cb5f0fdfaadf14087c603a92420fcc6e8f3e2578dd9c1ca93e93ee1a86
SHA512

c09af9c287e3ef5cd53c603230bd207cbca6eeb9b55f3119b88965730c8526219d76a1084021c39d92101633c039eeb0c16ba8eb568c8c4da87e380492d0ee10
SSDEEP

3072:liRbuVxBGY4J6tFLHvr1fOsY1JWOtENy6ykJ:WbyvoWFwjJmBJ

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2916	tbckyxk.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\tbckyxk.exe	22e0b8cb5f0fdfaadf14087c603a92420fcc6e8f3e2578dd9c1ca93e93ee1a86.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2916	tbckyxk.exe
Token: SeDebugPrivilege	1260	Explorer.EXE

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1664	22e0b8cb5f0fdfaadf14087c603a92420fcc6e8f3e2578dd9c1ca93e93ee1a86.exe
2916	tbckyxk.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2916	2688	taskeng.exe	29
PID 2688 wrote to memory of 2916	2688	taskeng.exe	29
PID 2688 wrote to memory of 2916	2688	taskeng.exe	29
PID 2688 wrote to memory of 2916	2688	taskeng.exe	29
PID 2916 wrote to memory of 1260	2916	tbckyxk.exe	21

C:\Windows\system32\taskeng.exe
taskeng.exe {AD561E3D-1B4B-4191-8098-15DEFB26244E} S-1-5-21-330940541-141609230-1670313778-1000:KXIPPCKF\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\PROGRA~3\Mozilla\tbckyxk.exe
  C:\PROGRA~3\Mozilla\tbckyxk.exe -gqpcbye
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:2916

C:\PROGRA~3\Mozilla\tbckyxk.exe

Filesize
363KB

MD5
66fa63a5fc691c337f11045a2bef883c

SHA1
a3d78cd1f28f264eb6ae6f52ec878249a8356820

SHA256
f0097d4838939b31f520e54f58504cb5c9b7157b4187ac6f982a0bac5b87d328

SHA512
f77e0f70f010a30516ce5d2397aa59439bdf8fcbb9b80d1a4e5245c406c3c346290ddd9b64ce67dd8f2f68714b95692997efd6335ba7933a1ef8cc43f67d22b1

Download Submit
memory/1260-11-0x0000000002A10000-0x0000000002A2C000-memory.dmp

Filesize
112KB

Download
memory/1260-12-0x0000000002A10000-0x0000000002A2C000-memory.dmp

Filesize
112KB

Download
memory/1664-4-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1664-5-0x0000000000390000-0x00000000003EF000-memory.dmp

Filesize
380KB

Download
memory/1664-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1664-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1664-1-0x0000000000390000-0x00000000003EF000-memory.dmp

Filesize
380KB

Download
memory/2916-8-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2916-9-0x0000000000240000-0x000000000029F000-memory.dmp

Filesize
380KB

Download
memory/2916-10-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2916-15-0x0000000000240000-0x000000000029F000-memory.dmp

Filesize
380KB

Download
memory/2916-14-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download