50517101fe6635700943ed09f50ffe0efa8a91fc83fd90a2cc79c284dcefbd4b

Analysis

max time kernel
10s
max time network
16s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-05-2024 21:59

Target

TEST-protected.exe
Size

1.0MB
MD5

30be169763d38846a478bb3b1f2bc021
SHA1

66eb49fd94fe043a7378548b169633a0098c9da5
SHA256

50517101fe6635700943ed09f50ffe0efa8a91fc83fd90a2cc79c284dcefbd4b
SHA512

ed37c74243af0de06db7ab8608727a8625bf285b4be8be2db15b973691ff8da1646426d84a29f7abe142113e8c4cd7d9496fb345917a0129f1456daee0d5181f
SSDEEP

12288:d2WStwpNR9gWpk8eOAs9GetrYOtm3Ed2DeEqt0UBZ//pxoa8MvhHaJkqnVmx+:TStWNrfpCOAvOtCqb/H9vVaeIk

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1092	dw20.exe
1092	dw20.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	1092	dw20.exe
Token: SeBackupPrivilege	1092	dw20.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1092	dw20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 876 wrote to memory of 1092	876	TEST-protected.exe	72
PID 876 wrote to memory of 1092	876	TEST-protected.exe	72
PID 876 wrote to memory of 1092	876	TEST-protected.exe	72

C:\Users\Admin\AppData\Local\Temp\TEST-protected.exe
"C:\Users\Admin\AppData\Local\Temp\TEST-protected.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:876
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 764
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1092

memory/876-0-0x0000000073DA1000-0x0000000073DA2000-memory.dmp

Filesize
4KB

Download
memory/876-1-0x0000000073DA0000-0x0000000074350000-memory.dmp

Filesize
5.7MB

Download
memory/876-2-0x0000000073DA0000-0x0000000074350000-memory.dmp

Filesize
5.7MB

Download
memory/876-9-0x0000000073DA0000-0x0000000074350000-memory.dmp

Filesize
5.7MB

Download