0f3fcd1903a9b4ac99cdc7ed5e32f591ce28312d8fe8981e7b66a61e92b4a573

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 22:11

Target

Ibbubapquce.exe
Size

140KB
MD5

caec53ed7ab971ac19643d395f40a95e
SHA1

8459f1a2a1f3a1e1695eec0fbcb1a4baabdb86ac
SHA256

0f3fcd1903a9b4ac99cdc7ed5e32f591ce28312d8fe8981e7b66a61e92b4a573
SHA512

1edb8684230a5de9d3e924d8e63f580d219ba39ee3be7a4ff9615c061e35a298e1e7be6983bd152fc68ad8f375da835da9a491023e38ed8fcbec32e7020e583e
SSDEEP

1536:9rhjRpAPFisr9l5qaKXFRcBPq49+Vfj2vrWZaRF61m2oKs7MBGzQT445j/ULtiSR:JRRpAPZrjrKncB5CoX7ex5jVrDqtd4

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1748	Ibbubapquce.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 1380	1748	Ibbubapquce.exe	31
PID 1748 wrote to memory of 1380	1748	Ibbubapquce.exe	31
PID 1748 wrote to memory of 1380	1748	Ibbubapquce.exe	31
PID 1748 wrote to memory of 1380	1748	Ibbubapquce.exe	31
PID 1748 wrote to memory of 1072	1748	Ibbubapquce.exe	32
PID 1748 wrote to memory of 1072	1748	Ibbubapquce.exe	32
PID 1748 wrote to memory of 1072	1748	Ibbubapquce.exe	32
PID 1748 wrote to memory of 1072	1748	Ibbubapquce.exe	32
PID 1748 wrote to memory of 1652	1748	Ibbubapquce.exe	33
PID 1748 wrote to memory of 1652	1748	Ibbubapquce.exe	33
PID 1748 wrote to memory of 1652	1748	Ibbubapquce.exe	33
PID 1748 wrote to memory of 1652	1748	Ibbubapquce.exe	33
PID 1748 wrote to memory of 1044	1748	Ibbubapquce.exe	34
PID 1748 wrote to memory of 1044	1748	Ibbubapquce.exe	34
PID 1748 wrote to memory of 1044	1748	Ibbubapquce.exe	34
PID 1748 wrote to memory of 1044	1748	Ibbubapquce.exe	34
PID 1748 wrote to memory of 2540	1748	Ibbubapquce.exe	35
PID 1748 wrote to memory of 2540	1748	Ibbubapquce.exe	35
PID 1748 wrote to memory of 2540	1748	Ibbubapquce.exe	35
PID 1748 wrote to memory of 2540	1748	Ibbubapquce.exe	35

C:\Users\Admin\AppData\Local\Temp\Ibbubapquce.exe
"C:\Users\Admin\AppData\Local\Temp\Ibbubapquce.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:1380
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:1072
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:1652
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:1044
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2540

memory/1748-0-0x000007FEF5703000-0x000007FEF5704000-memory.dmp

Filesize
4KB

Download
memory/1748-1-0x00000000012E0000-0x0000000001308000-memory.dmp

Filesize
160KB

Download
memory/1748-2-0x000007FEF5700000-0x000007FEF60EC000-memory.dmp

Filesize
9.9MB

Download
memory/1748-3-0x0000000000470000-0x000000000047A000-memory.dmp

Filesize
40KB

Download
memory/1748-4-0x000007FEF5700000-0x000007FEF60EC000-memory.dmp

Filesize
9.9MB

Download