e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-04-2024 03:43

Target

e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743.exe
Size

148KB
MD5

742419f6e299447176e0d02bec42f0e8
SHA1

c43c6208e9830f7788775ff648eb85a0714c562f
SHA256

e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743
SHA512

9400ed5c2021e37bd64eac4cec4aa37580a748147f0790df6751a9f58c67cd333676e7255df513c8c31ee0366d6d4cacd9d81872d02757a1ef7073f7cd52344c
SSDEEP

3072:BQ+t4BHNNRGtVJO96P4ZkuB4N6lZ4nEFjimAk/738:Gm4BHNNRGHP4ZLxz4nEF2kjs

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2164	gjsfhjk.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~3\Mozilla\gjsfhjk.exe	e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2164	gjsfhjk.exe
Token: SeDebugPrivilege	1196	Explorer.EXE

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2336	e09fd91a8b3724a42d78e8b72fc0f7e6e8ce91b8fac4a3577b87edd553688743.exe
2164	gjsfhjk.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 2164	1852	taskeng.exe	29
PID 1852 wrote to memory of 2164	1852	taskeng.exe	29
PID 1852 wrote to memory of 2164	1852	taskeng.exe	29
PID 1852 wrote to memory of 2164	1852	taskeng.exe	29
PID 2164 wrote to memory of 1196	2164	gjsfhjk.exe	21

C:\Windows\system32\taskeng.exe
taskeng.exe {1C07B2D7-E760-42D2-A3D9-2341F57345A0} S-1-5-21-1298544033-3225604241-2703760938-1000:IZKCKOTP\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:1852
- C:\PROGRA~3\Mozilla\gjsfhjk.exe
  C:\PROGRA~3\Mozilla\gjsfhjk.exe -tuxiydl
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:2164

C:\PROGRA~3\Mozilla\gjsfhjk.exe

Filesize
148KB

MD5
f346aace846bb302f383d65f184a5f3c

SHA1
a9a41f3f039f0db558874171da9b44dde0ec2cec

SHA256
a1d6fa35b33b73ae522472a439173eacee0ef5bd8da6cc8c46df41ce7cfb6c06

SHA512
133a622b87dd678f05abf54b4c1699e4ae4d4ff9e1e6a887968f715b0d2d11aba5220b1dd509e1d409976cfa4065c6aa3254bff4ca30be64175473b260075f81

Download Submit
memory/1196-9-0x0000000003CD0000-0x0000000003CEC000-memory.dmp

Filesize
112KB

Download
memory/1196-8-0x0000000003CD0000-0x0000000003CEC000-memory.dmp

Filesize
112KB

Download
memory/2164-6-0x0000000000240000-0x000000000029F000-memory.dmp

Filesize
380KB

Download
memory/2164-7-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2164-12-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2336-0-0x0000000000250000-0x00000000002AF000-memory.dmp

Filesize
380KB

Download
memory/2336-1-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2336-3-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download