66fcc1c436eeaaffb9596067739031a54659ec1a6141247e23157e54285f5b59

Analysis

max time kernel
26s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
20-07-2024 05:32

Target

test.exe
Size

5.1MB
MD5

d46ed34d1b0c9af404f24ffa9aab2a9b
SHA1

3c9e4b8d77ee1688ecae19cb6329a26304f6d5b7
SHA256

66fcc1c436eeaaffb9596067739031a54659ec1a6141247e23157e54285f5b59
SHA512

c74e2220f8541b791898b4cf48899a7311449e57943e258ef946b547c9ed58ba6135d432c8d0aa796c423a133bc9fcc811c4e31a33082ada9e63f1c56b125aca
SSDEEP

98304:vDTsfBIN7ifT52x1GXZXDOE45SB15w+B4sRGuLZuUxV:/sJG76N2bGXZMA15LOoL

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2916	test.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 1176	2916	test.exe	83
PID 2916 wrote to memory of 1176	2916	test.exe	83
PID 2916 wrote to memory of 1176	2916	test.exe	83
PID 2916 wrote to memory of 1452	2916	test.exe	84
PID 2916 wrote to memory of 1452	2916	test.exe	84
PID 2916 wrote to memory of 1452	2916	test.exe	84
PID 2916 wrote to memory of 1820	2916	test.exe	85
PID 2916 wrote to memory of 1820	2916	test.exe	85
PID 2916 wrote to memory of 1820	2916	test.exe	85
PID 2916 wrote to memory of 3572	2916	test.exe	86
PID 2916 wrote to memory of 3572	2916	test.exe	86
PID 2916 wrote to memory of 3572	2916	test.exe	86
PID 2916 wrote to memory of 2112	2916	test.exe	87
PID 2916 wrote to memory of 2112	2916	test.exe	87
PID 2916 wrote to memory of 2112	2916	test.exe	87

C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1176
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1452
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1820
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:3572
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:2112

memory/2916-0-0x0000000074A0E000-0x0000000074A0F000-memory.dmp

Filesize
4KB

Download
memory/2916-1-0x0000000000570000-0x0000000000A9A000-memory.dmp

Filesize
5.2MB

Download
memory/2916-2-0x0000000005BF0000-0x0000000006196000-memory.dmp

Filesize
5.6MB

Download
memory/2916-3-0x0000000005540000-0x00000000055D2000-memory.dmp

Filesize
584KB

Download
memory/2916-4-0x00000000055F0000-0x00000000055FA000-memory.dmp

Filesize
40KB

Download
memory/2916-5-0x0000000074A00000-0x00000000751B1000-memory.dmp

Filesize
7.7MB

Download
memory/2916-6-0x0000000005830000-0x00000000058A6000-memory.dmp

Filesize
472KB

Download
memory/2916-7-0x0000000074A0E000-0x0000000074A0F000-memory.dmp

Filesize
4KB

Download
memory/2916-8-0x0000000074A00000-0x00000000751B1000-memory.dmp

Filesize
7.7MB

Download
memory/2916-9-0x00000000071A0000-0x00000000076C8000-memory.dmp

Filesize
5.2MB

Download
memory/2916-10-0x0000000005810000-0x000000000582E000-memory.dmp

Filesize
120KB

Download
memory/2916-12-0x0000000074A00000-0x00000000751B1000-memory.dmp

Filesize
7.7MB

Download