2c6f5bc040dc9b0c5780e5023cf88b47cca55263d729034d0362e91a2b02356e

Analysis

max time kernel
19s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
23-05-2024 23:25

Target

vir.exe
Size

36.2MB
MD5

cfb75af57b5375ee249d37293b03707c
SHA1

40092f116899241c2093c403504a59ae678acd2d
SHA256

2c6f5bc040dc9b0c5780e5023cf88b47cca55263d729034d0362e91a2b02356e
SHA512

f9918f33dbd4e6be1193bf6e0068fd92174212896d8ae949f0feec3a6b8d570e5c21c27e9a9f5438d1f90cf67abcf587a4a1a9f32582250aa35e92631b56a96b
SSDEEP

786432:94RerlLa3nwEwrkACTe6YQbjGEhM6XHXkvj:eulW3wEoALHUr

Score

1^/10

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

2320 taskkill.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

taskkill.exe

description pid process

Token: SeDebugPrivilege 2320 taskkill.exe

pid	process
2320	taskkill.exe

description	pid	process
Token: SeDebugPrivilege	2320	taskkill.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

vir.execmd.exe

description	pid	process	target process
PID 956 wrote to memory of 4928	956	vir.exe	cmd.exe
PID 956 wrote to memory of 4928	956	vir.exe	cmd.exe
PID 956 wrote to memory of 4928	956	vir.exe	cmd.exe
PID 4928 wrote to memory of 2320	4928	cmd.exe	taskkill.exe
PID 4928 wrote to memory of 2320	4928	cmd.exe	taskkill.exe
PID 4928 wrote to memory of 2320	4928	cmd.exe	taskkill.exe
PID 4928 wrote to memory of 1592	4928	cmd.exe	cmd.exe
PID 4928 wrote to memory of 1592	4928	cmd.exe	cmd.exe
PID 4928 wrote to memory of 1592	4928	cmd.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\vir.exe
"C:\Users\Admin\AppData\Local\Temp\vir.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:956

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vir_2b5cabb6-36e7-4692-8762-cddff09ba31d\loader.bat" "
2⤵
- Suspicious use of WriteProcessMemory
PID:4928

C:\Users\Admin\AppData\Local\Temp\vir_2b5cabb6-36e7-4692-8762-cddff09ba31d\loader.bat

Filesize
51B

MD5
e67249c010d7541925320d0e6b94a435

SHA1
66aa61cc4f66d5315e7c988988b319e0ab5f01f2

SHA256
4fc3cb68df5fc781354dcc462bf953b746584b304a84e2d21b340f62e4e330fc

SHA512
681698eb0aab92c2209cc06c7d32a34cbc209cc4e63d653c797d06ebf4d9342e4f882b3ab74c294eb345f62af454f5f3a721fe3dbc094ddbe9694e40c953df96

Download Submit
memory/956-0-0x0000000074B8E000-0x0000000074B8F000-memory.dmp

Filesize
4KB

Download
memory/956-1-0x0000000000030000-0x00000000000BC000-memory.dmp

Filesize
560KB

Download
memory/956-2-0x0000000004AD0000-0x0000000004AF4000-memory.dmp

Filesize
144KB

Download
memory/956-3-0x0000000074B80000-0x0000000075331000-memory.dmp

Filesize
7.7MB

Download
memory/956-4-0x00000000051B0000-0x0000000005756000-memory.dmp

Filesize
5.6MB

Download
memory/956-62-0x0000000074B80000-0x0000000075331000-memory.dmp

Filesize
7.7MB

Download