ad00944aeabb4d5cfa105feda2ff9e2706962ae740e1b3f99e34cf2d81bf23d9

Analysis

max time kernel
134s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 01:48

Target

ad00944aeabb4d5cfa105feda2ff9e2706962ae740e1b3f99e34cf2d81bf23d9.exe
Size

788KB
MD5

0e71a4fb1040c22bf79c7b8ed3e3d81c
SHA1

50e61dd88e67a8960e493633c1b9a2cc3f9bb6e3
SHA256

ad00944aeabb4d5cfa105feda2ff9e2706962ae740e1b3f99e34cf2d81bf23d9
SHA512

f0debb547b9ae0879201e110767844d09fa6e3dbf3a6e2a997557521991d61576784b475177c28391f095a95922fb47be75de5a9d34de24e1c3966da8ec93d16
SSDEEP

12288:pgvRL0un9UVpM4AXGHebegiBb8cztbFY4Fab95tW4nG3vW8Mr3XfkkY5XFPA6MNQ:CvRK2EY3iDR2b9nWKGfKnf7Y9U

Score

9^/10

Detects executables packed with SmartAssembly 1 IoCs

resource	yara_rule
behavioral2/memory/324-3-0x0000000002C20000-0x0000000002C3C000-memory.dmp	INDICATOR_EXE_Packed_SmartAssembly

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 324 set thread context of 712	324	ad00944aeabb4d5cfa105feda2ff9e2706962ae740e1b3f99e34cf2d81bf23d9.exe	95

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
324	ad00944aeabb4d5cfa105feda2ff9e2706962ae740e1b3f99e34cf2d81bf23d9.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	324	ad00944aeabb4d5cfa105feda2ff9e2706962ae740e1b3f99e34cf2d81bf23d9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 324 wrote to memory of 712	324	ad00944aeabb4d5cfa105feda2ff9e2706962ae740e1b3f99e34cf2d81bf23d9.exe	95
PID 324 wrote to memory of 712	324	ad00944aeabb4d5cfa105feda2ff9e2706962ae740e1b3f99e34cf2d81bf23d9.exe	95
PID 324 wrote to memory of 712	324	ad00944aeabb4d5cfa105feda2ff9e2706962ae740e1b3f99e34cf2d81bf23d9.exe	95

C:\Users\Admin\AppData\Local\Temp\ad00944aeabb4d5cfa105feda2ff9e2706962ae740e1b3f99e34cf2d81bf23d9.exe
"C:\Users\Admin\AppData\Local\Temp\ad00944aeabb4d5cfa105feda2ff9e2706962ae740e1b3f99e34cf2d81bf23d9.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:324
- C:\Users\Admin\AppData\Local\Temp\ad00944aeabb4d5cfa105feda2ff9e2706962ae740e1b3f99e34cf2d81bf23d9.exe
  C:\Users\Admin\AppData\Local\Temp\ad00944aeabb4d5cfa105feda2ff9e2706962ae740e1b3f99e34cf2d81bf23d9.exe
  2⤵
  PID:712

memory/324-0-0x00007FFEC4133000-0x00007FFEC4135000-memory.dmp

Filesize
8KB

Download
memory/324-1-0x00000000000F0000-0x00000000001B8000-memory.dmp

Filesize
800KB

Download
memory/324-2-0x00007FFEC4130000-0x00007FFEC4BF1000-memory.dmp

Filesize
10.8MB

Download
memory/324-3-0x0000000002C20000-0x0000000002C3C000-memory.dmp

Filesize
112KB

Download
memory/324-4-0x0000000000BB0000-0x0000000000BC4000-memory.dmp

Filesize
80KB

Download
memory/324-5-0x000000001D0A0000-0x000000001D128000-memory.dmp

Filesize
544KB

Download
memory/324-7-0x00007FFEC4130000-0x00007FFEC4BF1000-memory.dmp

Filesize
10.8MB

Download