78b8d2108491beb28f10f1cc87f0ab4b7cf5584017107b56f7a4c1dd6d387922

Resubmissions

09/05/2024, 11:45

09/05/2024, 11:42

09/05/2024, 11:37

max time kernel
1563s
max time network
1563s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 11:45

Target

PopulateDeviceDetails.exe
Size

5.6MB
MD5

415aa45d98a005949a833cab186c5983
SHA1

28f466c25c12f2be565a0537184c9bfd29558ff1
SHA256

78b8d2108491beb28f10f1cc87f0ab4b7cf5584017107b56f7a4c1dd6d387922
SHA512

d9fe63f0f9e89387a7f68f145d77e337a86d2b81fb4c3ca2e931c960d01e9a633e5c3980bf69427b9daac23361760c2835b539fa20d88a084499a36e51c173ce
SSDEEP

49152:L8vOPBiznLpUf1kVyp/ORLerS/3K1gIwunV7GmOVm9gRhvbIaWnmdxTPZrhDFEBF:uHmRsK13DlDSb1+ku9M6IjGr4ty

Score

1^/10

Suspicious use of AdjustPrivilegeToken 7 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2296	2292	PopulateDeviceDetails.exe	29
PID 2292 wrote to memory of 2296	2292	PopulateDeviceDetails.exe	29
PID 2292 wrote to memory of 2296	2292	PopulateDeviceDetails.exe	29

C:\Users\Admin\AppData\Local\Temp\PopulateDeviceDetails.exe
"C:\Users\Admin\AppData\Local\Temp\PopulateDeviceDetails.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:2296

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\TestLogs\TestLog_2024-05-09_11-45-48-561400.log
1⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\TestLogs\TestLog_2024-05-09_11-45-48-561400.log

Filesize
177KB

MD5
b4c0ee278ef92ebf64b68bdf84a4bad6

SHA1
f5cba6c6961d5d0883a5b831f8de5a83a39bade3

SHA256
8330631e7cd66e2420c1cbf3c0e38dddd758ece1fa42e29bc5b20a51a931189b

SHA512
ab70eace2f4b2c5c1779730a3aec18b05145655d64a69c3b099952842014ca8a28e5cf2fbeb222957611b7136b7e1f84d4268eea515fcb713c571bf74ee96e2a

Download Submit