3b9cd8462139134f74bb60f08a87f9767cfeaf34092a1b3dfb2c84e0f1172d6b

Resubmissions

22/07/2024, 06:31

22/07/2024, 06:30

22/07/2024, 06:30

22/07/2024, 06:28

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 06:31

Target

PPPwn GUI 1.7.exe
Size

5.0MB
MD5

b30ac58118321a59c014ccc1a3e123e7
SHA1

047b21fec30c4c30dbd5c6a49dfa8186d28a7d06
SHA256

3b9cd8462139134f74bb60f08a87f9767cfeaf34092a1b3dfb2c84e0f1172d6b
SHA512

73c5510c09efd388c2ba490a97afad3fe85903427ec257ef8a641ae638cccc18f330fa710f3006b49766316183ebcbb197aae9b280edec43ac98ace40a5f9dff
SSDEEP

98304:ACg7NvE0ACgb/1QF6RtxFVbDnzZLWE9uRE10oyGCGxh3Rv7uebyNC92VIfrKgop2:AC6E9C2eURPLMzaWo19T

Score

1^/10

Kills process with taskkill 1 IoCs

evasion

pid	Process
5052	taskkill.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5052	taskkill.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 2068	748	PPPwn GUI 1.7.exe	89
PID 748 wrote to memory of 2068	748	PPPwn GUI 1.7.exe	89
PID 748 wrote to memory of 2068	748	PPPwn GUI 1.7.exe	89
PID 2068 wrote to memory of 5052	2068	cmd.exe	91
PID 2068 wrote to memory of 5052	2068	cmd.exe	91
PID 2068 wrote to memory of 5052	2068	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\PPPwn GUI 1.7.exe
"C:\Users\Admin\AppData\Local\Temp\PPPwn GUI 1.7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:748
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C taskkill /IM pppwn_.exe /f
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2068
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /IM pppwn_.exe /f
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5052

memory/748-0-0x0000000074C8E000-0x0000000074C8F000-memory.dmp

Filesize
4KB

Download
memory/748-1-0x0000000000540000-0x00000000010A4000-memory.dmp

Filesize
11.4MB

Download
memory/748-2-0x0000000074C80000-0x0000000075430000-memory.dmp

Filesize
7.7MB

Download
memory/748-3-0x00000000054A0000-0x00000000054A1000-memory.dmp

Filesize
4KB

Download
memory/748-4-0x0000000007E60000-0x0000000008354000-memory.dmp

Filesize
5.0MB

Download
memory/748-5-0x00000000061C0000-0x0000000006764000-memory.dmp

Filesize
5.6MB

Download
memory/748-6-0x0000000005CB0000-0x0000000005D42000-memory.dmp

Filesize
584KB

Download
memory/748-7-0x0000000005D60000-0x0000000005D6A000-memory.dmp

Filesize
40KB

Download
memory/748-8-0x0000000074C80000-0x0000000075430000-memory.dmp

Filesize
7.7MB

Download
memory/748-9-0x0000000007680000-0x0000000007716000-memory.dmp

Filesize
600KB

Download
memory/748-51-0x0000000074C8E000-0x0000000074C8F000-memory.dmp

Filesize
4KB

Download
memory/748-52-0x0000000074C80000-0x0000000075430000-memory.dmp

Filesize
7.7MB

Download