86851d90dcc17fe8958d3f706ae6e8766857614c6e86ffb46f4f8971b1637a24

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-06-2024 01:42

Target

ORDER QUG24-200370054200.exe
Size

692KB
MD5

08c50c2dcefc9ab09d35a6e847aa8694
SHA1

ae489d510e10b06186d159343d8a11e3b4346c77
SHA256

34b18b54b2df9bb5eb4364a484de01f20c6b8a431ab2ee0046f2a5e9d8a1e840
SHA512

b101ebebeab641b747b897dd8b17f0d6e54ad5859877ccfa40a062dae95a72cc3dc2093e569dcafe92dc9d6fa98c043dfc0091ac53ab15ca7a35e86a4968eea0
SSDEEP

12288:JX0pxKKXqUcfjbqQTr9/D685Wr9blEhCy3SQ0D1+jTIS/hf7N1vSs+yE:/gqUcfaQTr9Le5L/Dp+jT9fvasw

Score

9^/10

Detects executables packed with SmartAssembly 1 IoCs

resource	yara_rule
behavioral1/memory/2772-3-0x00000000008C0000-0x00000000008DC000-memory.dmp	INDICATOR_EXE_Packed_SmartAssembly

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2772 set thread context of 2944	2772	ORDER QUG24-200370054200.exe	30

Suspicious behavior: EnumeratesProcesses 6 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2772	ORDER QUG24-200370054200.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2944	2772	ORDER QUG24-200370054200.exe	30
PID 2772 wrote to memory of 2944	2772	ORDER QUG24-200370054200.exe	30
PID 2772 wrote to memory of 2944	2772	ORDER QUG24-200370054200.exe	30
PID 2772 wrote to memory of 2944	2772	ORDER QUG24-200370054200.exe	30

C:\Users\Admin\AppData\Local\Temp\ORDER QUG24-200370054200.exe
"C:\Users\Admin\AppData\Local\Temp\ORDER QUG24-200370054200.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Users\Admin\AppData\Local\Temp\ORDER QUG24-200370054200.exe
  "C:\Users\Admin\AppData\Local\Temp\ORDER QUG24-200370054200.exe"
  2⤵
  PID:2944

memory/2772-0-0x000007FEF5C43000-0x000007FEF5C44000-memory.dmp

Filesize
4KB

Download
memory/2772-1-0x000000013FE40000-0x000000013FEF0000-memory.dmp

Filesize
704KB

Download
memory/2772-2-0x000007FEF5C40000-0x000007FEF662C000-memory.dmp

Filesize
9.9MB

Download
memory/2772-3-0x00000000008C0000-0x00000000008DC000-memory.dmp

Filesize
112KB

Download
memory/2772-4-0x0000000000570000-0x0000000000584000-memory.dmp

Filesize
80KB

Download
memory/2772-5-0x000000001C630000-0x000000001C6B0000-memory.dmp

Filesize
512KB

Download
memory/2772-6-0x000007FEF5C43000-0x000007FEF5C44000-memory.dmp

Filesize
4KB

Download
memory/2772-9-0x000007FEF5C40000-0x000007FEF662C000-memory.dmp

Filesize
9.9MB

Download
memory/2944-7-0x000007FFFFFD4000-0x000007FFFFFD5000-memory.dmp

Filesize
4KB

Download