fc0bb31d2c5c0b10623e469323a6e79c506a57880daadf06ea0dc0824d04a40f

Analysis

max time kernel
149s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 01:43

Target

putty.exe
Size

1.2MB
MD5

5e57b71daab3da3fbc7aaeff9a39437c
SHA1

6439c06796865c857cb09aeb724907a1c0b049df
SHA256

cf57eea613905dc9db75988cc6579528f16c62d4f9e69e2c58881e08bd492af3
SHA512

4135971fec1e880c8ea82af75b6de98e3d83e1bb89f31c5c643eb864c5ee00a81076ce694d4eb0dae2f9595f8f74fa962f1149eb38bfd0a4fae4fb390b9816e8
SSDEEP

24576:G9M9KGzpGQZA5x+Hxps7rg3fJtjCO6zUB1IJ9Zut5ivSLO/yqXxv/F8:G9M9Kms703fJtjCO6zUB1IJit5iqeyS

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2560	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2412	putty.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2560	powershell.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2412	putty.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2560	2824	cmd.exe	32
PID 2824 wrote to memory of 2560	2824	cmd.exe	32
PID 2824 wrote to memory of 2560	2824	cmd.exe	32

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2560

memory/2560-5-0x000007FEF539E000-0x000007FEF539F000-memory.dmp

Filesize
4KB

Download
memory/2560-6-0x000000001B790000-0x000000001BA72000-memory.dmp

Filesize
2.9MB

Download
memory/2560-7-0x0000000001D00000-0x0000000001D08000-memory.dmp

Filesize
32KB

Download
memory/2560-8-0x000007FEF50E0000-0x000007FEF5A7D000-memory.dmp

Filesize
9.6MB

Download
memory/2560-9-0x000007FEF50E0000-0x000007FEF5A7D000-memory.dmp

Filesize
9.6MB

Download
memory/2560-10-0x000007FEF50E0000-0x000007FEF5A7D000-memory.dmp

Filesize
9.6MB

Download
memory/2560-11-0x000007FEF50E0000-0x000007FEF5A7D000-memory.dmp

Filesize
9.6MB

Download