38b9e4a26922f4193771ddec63011cafd6fec225a1cf898ba039dbeba735cf6d

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 10:53

Target

1.exe
Size

100.2MB
MD5

455066f9839c05f7fedb338c41d74104
SHA1

5331923ca6cdd5a92504af528dddba0e1a043f81
SHA256

e28d9b27c1512090a59d565a259bdd3ebbd14f1a5ebf7e21b22292900c8ce317
SHA512

05960f90596c27bee4213b7594e6fbbbe8369698b42110de7fb579a91d762586d17e09305a12cd39341f98551b44004012a0d1456bc25c71356d447640eddce2
SSDEEP

6144:wiuCzaGdJ7TNI9Zkb/wuCzaGdJ7TNI9Zkb/3:hvzaCJtIrkbovzaCJtIrkb/

Score

1^/10

Kills process with taskkill 1 IoCs

evasion

pid	Process
2124	taskkill.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2124	taskkill.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2124	2484	1.exe	28
PID 2484 wrote to memory of 2124	2484	1.exe	28
PID 2484 wrote to memory of 2124	2484	1.exe	28
PID 2484 wrote to memory of 2124	2484	1.exe	28
PID 2484 wrote to memory of 2512	2484	1.exe	30
PID 2484 wrote to memory of 2512	2484	1.exe	30
PID 2484 wrote to memory of 2512	2484	1.exe	30
PID 2484 wrote to memory of 2512	2484	1.exe	30
PID 2484 wrote to memory of 2512	2484	1.exe	30
PID 2484 wrote to memory of 2512	2484	1.exe	30
PID 2484 wrote to memory of 2512	2484	1.exe	30

C:\Users\Admin\AppData\Local\Temp\1.exe
"C:\Users\Admin\AppData\Local\Temp\1.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /f /im KsafeTray.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2124
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Remoete.dll" WWWW
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2512

C:\Remoete.dll

Filesize
11.1MB

MD5
2401cbaee90353e3e891c7908fe6d20f

SHA1
09a841b1f456ab784f574f9a558cf2fee1ca1361

SHA256
b2ea4949b2b5899d0887de80e93ce12896a18b975604cbf27a3c6bf359215adb

SHA512
4efdcbbaa4f9fb51c84c6ba9939175aaecd41c0922a6861b84eeed48ef5b8c9c9e6c5046154c92afba4cd5b0ec0a5238fc98c94b463219d20a5cb86b029496f6

Download Submit
memory/2484-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2484-6-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download