Analysis

max time kernel: 15s
max time network: 18s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 19-07-2024 22:53

Static task
  static1
  1 signatures

Behavioral task
  behavioral1
  Sample: 1ac68b292573bd3b48ede9ac5ea02940N.exe
  Resource: win7-20240705-en (windows7-x64)
  4 signatures
  120 seconds

Behavioral task
  behavioral2
  Sample: 1ac68b292573bd3b48ede9ac5ea02940N.exe
  Resource: win10v2004-20240709-en (windows10-2004-x64)
  4 signatures
  120 seconds
General

Target: 1ac68b292573bd3b48ede9ac5ea02940N.exe
Size: 41KB
MD5: 1ac68b292573bd3b48ede9ac5ea02940
SHA1: 394eaa52f10f694168f346a0090ce104a8410eec
SHA256: 4508ac06af752db832a0582724bf479104a1019bce3306618a8da9b869ebda1e
SHA512: 413597fbdd0f839913819e20e078a699a9818cdcf6b54196f533ed7bd72b67ef0772ba99c56b66398aa082e9dd863ece1dc52707d71cd255fe81d7fc6b3685d5
SSDEEP: 768:ucG6xlCRaJKGOA7SHJ8HWr64a1VGHzkxS4iDHWLsDixcvn7mCnDG:ucG6yPzKSHJa1MP2Aiqvn77
Score: 1/10
Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid   Process
  2496  1ac68b292573bd3b48ede9ac5ea02940N.exe

Suspicious behavior: MapViewOfSection (23 IoCs)
  pid   Process
  2496  1ac68b292573bd3b48ede9ac5ea02940N.exe   (this single row is reported 23 times)

Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description              pid   Process
  Token: SeDebugPrivilege  2496  1ac68b292573bd3b48ede9ac5ea02940N.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  (duplicate rows collapsed; the count column is the number of times each row appears in the report)
  description                      pid   Process                                 procid_target  count
  PID 2496 wrote to memory of 384  2496  1ac68b292573bd3b48ede9ac5ea02940N.exe   3              7
  PID 2496 wrote to memory of 392  2496  1ac68b292573bd3b48ede9ac5ea02940N.exe   4              7
  PID 2496 wrote to memory of 432  2496  1ac68b292573bd3b48ede9ac5ea02940N.exe   5              7
  PID 2496 wrote to memory of 480  2496  1ac68b292573bd3b48ede9ac5ea02940N.exe   6              7
  PID 2496 wrote to memory of 488  2496  1ac68b292573bd3b48ede9ac5ea02940N.exe   7              7
  PID 2496 wrote to memory of 496  2496  1ac68b292573bd3b48ede9ac5ea02940N.exe   8              7
  PID 2496 wrote to memory of 596  2496  1ac68b292573bd3b48ede9ac5ea02940N.exe   9              7
  PID 2496 wrote to memory of 676  2496  1ac68b292573bd3b48ede9ac5ea02940N.exe   10             7
  PID 2496 wrote to memory of 740  2496  1ac68b292573bd3b48ede9ac5ea02940N.exe   11             7
  PID 2496 wrote to memory of 808  2496  1ac68b292573bd3b48ede9ac5ea02940N.exe   12             1
Processes
(indentation shows the parent/child relationship; each line is: path | command line | PID)

C:\Windows\system32\wininit.exe | wininit.exe | PID:384
  C:\Windows\system32\services.exe | C:\Windows\system32\services.exe | PID:480
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k DcomLaunch | PID:596
      C:\Windows\system32\DllHost.exe | C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} | PID:2040
      C:\Windows\system32\wbem\wmiprvse.exe | C:\Windows\system32\wbem\wmiprvse.exe | PID:1660
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k RPCSS | PID:676
    C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted | PID:740
    C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted | PID:808
      C:\Windows\system32\Dwm.exe | "C:\Windows\system32\Dwm.exe" | PID:1160
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k netsvcs | PID:840
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalService | PID:964
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k NetworkService | PID:112
    C:\Windows\System32\spoolsv.exe | C:\Windows\System32\spoolsv.exe | PID:376
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork | PID:1068
    C:\Windows\system32\taskhost.exe | "taskhost.exe" | PID:1112
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE | "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" | PID:1464
    C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation | PID:2368
    C:\Windows\system32\sppsvc.exe | C:\Windows\system32\sppsvc.exe | PID:1156
  C:\Windows\system32\lsass.exe | C:\Windows\system32\lsass.exe | PID:488
  C:\Windows\system32\lsm.exe | C:\Windows\system32\lsm.exe | PID:496
C:\Windows\system32\csrss.exe | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | PID:392
C:\Windows\system32\winlogon.exe | winlogon.exe | PID:432
C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE | PID:1204
  C:\Users\Admin\AppData\Local\Temp\1ac68b292573bd3b48ede9ac5ea02940N.exe | "C:\Users\Admin\AppData\Local\Temp\1ac68b292573bd3b48ede9ac5ea02940N.exe" | PID:2496
    signatures:
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory