e8a2290e74f358ee05881b5b74b62710e76a89ad95a23a5925687c6faf4b2de9

Resubmissions

23-07-2024 06:43

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 06:43

Target

EKRTLpU5icGiWtr.exe
Size

724KB
MD5

004d30b863f6438adde6cac38306e649
SHA1

ada01df796179f911c779887de1bbc5003ecb124
SHA256

e8a2290e74f358ee05881b5b74b62710e76a89ad95a23a5925687c6faf4b2de9
SHA512

25af44c77804674bc218986a9ed53f3c71348478cd904f568a782a15964ec174231cbd023ef2071e4140c03d0079833dfc74194f32d9200398e68d1706999937
SSDEEP

12288:PsRlDYSrRoaJKOErvezIpuE1Qd/7+bGdBpn6IpkuHDV0bRY6SThE+6MUFLv0APf7:wSSrSMWrvxpLQN+bGhn5pJp0bRY6SThx

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2912	EKRTLpU5icGiWtr.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2420	2912	EKRTLpU5icGiWtr.exe	31
PID 2912 wrote to memory of 2420	2912	EKRTLpU5icGiWtr.exe	31
PID 2912 wrote to memory of 2420	2912	EKRTLpU5icGiWtr.exe	31
PID 2912 wrote to memory of 2420	2912	EKRTLpU5icGiWtr.exe	31
PID 2912 wrote to memory of 2256	2912	EKRTLpU5icGiWtr.exe	32
PID 2912 wrote to memory of 2256	2912	EKRTLpU5icGiWtr.exe	32
PID 2912 wrote to memory of 2256	2912	EKRTLpU5icGiWtr.exe	32
PID 2912 wrote to memory of 2256	2912	EKRTLpU5icGiWtr.exe	32
PID 2912 wrote to memory of 2452	2912	EKRTLpU5icGiWtr.exe	33
PID 2912 wrote to memory of 2452	2912	EKRTLpU5icGiWtr.exe	33
PID 2912 wrote to memory of 2452	2912	EKRTLpU5icGiWtr.exe	33
PID 2912 wrote to memory of 2452	2912	EKRTLpU5icGiWtr.exe	33
PID 2912 wrote to memory of 1812	2912	EKRTLpU5icGiWtr.exe	34
PID 2912 wrote to memory of 1812	2912	EKRTLpU5icGiWtr.exe	34
PID 2912 wrote to memory of 1812	2912	EKRTLpU5icGiWtr.exe	34
PID 2912 wrote to memory of 1812	2912	EKRTLpU5icGiWtr.exe	34
PID 2912 wrote to memory of 2692	2912	EKRTLpU5icGiWtr.exe	35
PID 2912 wrote to memory of 2692	2912	EKRTLpU5icGiWtr.exe	35
PID 2912 wrote to memory of 2692	2912	EKRTLpU5icGiWtr.exe	35
PID 2912 wrote to memory of 2692	2912	EKRTLpU5icGiWtr.exe	35

C:\Users\Admin\AppData\Local\Temp\EKRTLpU5icGiWtr.exe
"C:\Users\Admin\AppData\Local\Temp\EKRTLpU5icGiWtr.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Users\Admin\AppData\Local\Temp\EKRTLpU5icGiWtr.exe
  "C:\Users\Admin\AppData\Local\Temp\EKRTLpU5icGiWtr.exe"
  2⤵
  PID:2420
- C:\Users\Admin\AppData\Local\Temp\EKRTLpU5icGiWtr.exe
  "C:\Users\Admin\AppData\Local\Temp\EKRTLpU5icGiWtr.exe"
  2⤵
  PID:2256
- C:\Users\Admin\AppData\Local\Temp\EKRTLpU5icGiWtr.exe
  "C:\Users\Admin\AppData\Local\Temp\EKRTLpU5icGiWtr.exe"
  2⤵
  PID:2452
- C:\Users\Admin\AppData\Local\Temp\EKRTLpU5icGiWtr.exe
  "C:\Users\Admin\AppData\Local\Temp\EKRTLpU5icGiWtr.exe"
  2⤵
  PID:1812
- C:\Users\Admin\AppData\Local\Temp\EKRTLpU5icGiWtr.exe
  "C:\Users\Admin\AppData\Local\Temp\EKRTLpU5icGiWtr.exe"
  2⤵
  PID:2692

memory/2912-0-0x000000007424E000-0x000000007424F000-memory.dmp

Filesize
4KB

Download
memory/2912-1-0x00000000003B0000-0x000000000046A000-memory.dmp

Filesize
744KB

Download
memory/2912-2-0x0000000074240000-0x000000007492E000-memory.dmp

Filesize
6.9MB

Download
memory/2912-3-0x00000000071C0000-0x0000000007260000-memory.dmp

Filesize
640KB

Download
memory/2912-4-0x0000000000470000-0x0000000000484000-memory.dmp

Filesize
80KB

Download
memory/2912-5-0x0000000000780000-0x000000000078A000-memory.dmp

Filesize
40KB

Download
memory/2912-6-0x00000000007A0000-0x00000000007AE000-memory.dmp

Filesize
56KB

Download
memory/2912-7-0x00000000077C0000-0x0000000007844000-memory.dmp

Filesize
528KB

Download
memory/2912-8-0x0000000074240000-0x000000007492E000-memory.dmp

Filesize
6.9MB

Download