1830b1283817576977da74dee4da73430ad857b02cccfa0240ffb73234afc262

Analysis

max time kernel
154s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 18:26

Target

1830b1283817576977da74dee4da73430ad857b02cccfa0240ffb73234afc262.exe
Size

172KB
MD5

115c62d5e72e3a80c0cdba08628c6d77
SHA1

247b56b56841dc37094e703bc615f486d5c48f14
SHA256

1830b1283817576977da74dee4da73430ad857b02cccfa0240ffb73234afc262
SHA512

4083f68d37c91adfec23f0e7988d6ec5b6344b77fc765e5075ff416e559a85e70221d5ca6b2205b791662c6cc6f0d9d578d1f7bc7f7b03cd6fa43ac2e6ed45aa
SSDEEP

3072:wJLkeg9pVM1orjoB+EgZRurc1qVel1/SB85CaHBtx3GOen6c63X:ILo3VMUjD1Rwoj/SB85CaHBP9en1WX

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2532	ujnwrxk.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\ujnwrxk.exe	1830b1283817576977da74dee4da73430ad857b02cccfa0240ffb73234afc262.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2532	ujnwrxk.exe
Token: SeDebugPrivilege	1204	Explorer.EXE

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1736	1830b1283817576977da74dee4da73430ad857b02cccfa0240ffb73234afc262.exe
2532	ujnwrxk.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2532	2916	taskeng.exe	29
PID 2916 wrote to memory of 2532	2916	taskeng.exe	29
PID 2916 wrote to memory of 2532	2916	taskeng.exe	29
PID 2916 wrote to memory of 2532	2916	taskeng.exe	29
PID 2532 wrote to memory of 1204	2532	ujnwrxk.exe	21

C:\Windows\system32\taskeng.exe
taskeng.exe {FF88E22B-D744-4164-8783-77BEC194A0A8} S-1-5-21-2461186416-2307104501-1787948496-1000:MGILJUBR\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\PROGRA~3\Mozilla\ujnwrxk.exe
  C:\PROGRA~3\Mozilla\ujnwrxk.exe -eagoxym
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:2532

C:\PROGRA~3\Mozilla\ujnwrxk.exe

Filesize
172KB

MD5
6c9a802828792fd3ee75922e3623ed06

SHA1
5a0dd083ca853171c252d3d613ac1919570ae249

SHA256
c989f1ffa223264bddccded977549fae09e8073c52c7b496236a63a0b622bd9c

SHA512
0b76a13bbf65f471efbab499ac2997c5db1081c4478607115b064af06ca039ec9d5ba85a8ee1c27bbd97d055688c60faa83f7038033f191d7d6907c195171b92

Download Submit
memory/1204-9-0x0000000002BE0000-0x0000000002BFC000-memory.dmp

Filesize
112KB

Download
memory/1204-8-0x0000000002BE0000-0x0000000002BFC000-memory.dmp

Filesize
112KB

Download
memory/1736-0-0x0000000000460000-0x00000000004BF000-memory.dmp

Filesize
380KB

Download
memory/1736-1-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1736-3-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2532-6-0x0000000001D00000-0x0000000001D5F000-memory.dmp

Filesize
380KB

Download
memory/2532-7-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2532-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download