Analysis
-
max time kernel
121s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
04-11-2024 14:26
Behavioral task
behavioral1
Sample
mesh.exe
Resource
win7-20241010-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
mesh.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
mesh.exe
-
Size
3.3MB
-
MD5
0d6e405856f8687fb1a06645a85bb0f3
-
SHA1
703fe09716b5e92e984c3645157ae9703ed0227d
-
SHA256
db8174175cec245f15f117503fd9e178307fb3763ea7e2e47541e80bfc953746
-
SHA512
e7dd401629387eb0c942699333dcab6918df279728321c3e9cd105d2cd26e82ac88dfe1eca291dababce303e7248dfcca4be52c3a09cb79482cd09251cde0098
-
SSDEEP
49152:PX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QxR:PlRsZ47/QXoHUOfAoj1x6xR
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 40 IoCs
Processes:
wmic.exedescription pid Process Token: SeIncreaseQuotaPrivilege 1748 wmic.exe Token: SeSecurityPrivilege 1748 wmic.exe Token: SeTakeOwnershipPrivilege 1748 wmic.exe Token: SeLoadDriverPrivilege 1748 wmic.exe Token: SeSystemProfilePrivilege 1748 wmic.exe Token: SeSystemtimePrivilege 1748 wmic.exe Token: SeProfSingleProcessPrivilege 1748 wmic.exe Token: SeIncBasePriorityPrivilege 1748 wmic.exe Token: SeCreatePagefilePrivilege 1748 wmic.exe Token: SeBackupPrivilege 1748 wmic.exe Token: SeRestorePrivilege 1748 wmic.exe Token: SeShutdownPrivilege 1748 wmic.exe Token: SeDebugPrivilege 1748 wmic.exe Token: SeSystemEnvironmentPrivilege 1748 wmic.exe Token: SeRemoteShutdownPrivilege 1748 wmic.exe Token: SeUndockPrivilege 1748 wmic.exe Token: SeManageVolumePrivilege 1748 wmic.exe Token: 33 1748 wmic.exe Token: 34 1748 wmic.exe Token: 35 1748 wmic.exe Token: SeIncreaseQuotaPrivilege 1748 wmic.exe Token: SeSecurityPrivilege 1748 wmic.exe Token: SeTakeOwnershipPrivilege 1748 wmic.exe Token: SeLoadDriverPrivilege 1748 wmic.exe Token: SeSystemProfilePrivilege 1748 wmic.exe Token: SeSystemtimePrivilege 1748 wmic.exe Token: SeProfSingleProcessPrivilege 1748 wmic.exe Token: SeIncBasePriorityPrivilege 1748 wmic.exe Token: SeCreatePagefilePrivilege 1748 wmic.exe Token: SeBackupPrivilege 1748 wmic.exe Token: SeRestorePrivilege 1748 wmic.exe Token: SeShutdownPrivilege 1748 wmic.exe Token: SeDebugPrivilege 1748 wmic.exe Token: SeSystemEnvironmentPrivilege 1748 wmic.exe Token: SeRemoteShutdownPrivilege 1748 wmic.exe Token: SeUndockPrivilege 1748 wmic.exe Token: SeManageVolumePrivilege 1748 wmic.exe Token: 33 1748 wmic.exe Token: 34 1748 wmic.exe Token: 35 1748 wmic.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
mesh.exedescription pid Process procid_target PID 2536 wrote to memory of 1748 2536 mesh.exe 31 PID 2536 wrote to memory of 1748 2536 mesh.exe 31 PID 2536 wrote to memory of 1748 2536 mesh.exe 31