Analysis
max time kernel: 104s
max time network: 164s
platform: windows10-ltsc_2021_x64
resource: win10ltsc2021-20250314-en
resource tags: arch:x64, arch:x86, image:win10ltsc2021-20250314-en, locale:en-us, os:windows10-ltsc_2021-x64, system
submitted: 28/03/2025, 19:55
Behavioral task: behavioral1
Sample: update.exe
Resource: win10ltsc2021-20250314-en
14 signatures
900 seconds

Behavioral task: behavioral2
Sample: update2.exe
Resource: win10ltsc2021-20250314-en
3 signatures
900 seconds
General
Target: update2.exe
Size: 3.3MB
MD5: 3876620b2dfe935da42b2a7b39d3fd76
SHA1: 3a0062512fb9899bec89bddeb57623bb1266e3ed
SHA256: 99275da9ed9468cf8db779b7a87a87b446d955b235e1d0028a0a41a1ddbb516d
SHA512: e597612c0cd629dc055b9880b2b9735c74a497050f6f78c9b2628780d40ea1d5b1586a0cff322e84779147024d7de23346827dbb41fe6f01b02ee0ee55d5ec61
SSDEEP: 49152:yX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QY:ylRsZ47/QXoHUOfAoj1x6Y
Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid 2284, Process wmic.exe (reported 4 times)

- Suspicious use of AdjustPrivilegeToken (42 IoCs)
  pid 2284, Process wmic.exe; each of the following tokens is reported twice:
  SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, 33, 34, 35, 36

- Suspicious use of WriteProcessMemory (2 IoCs)
  description: PID 4228 wrote to memory of 2284; pid 4228; Process update2.exe; procid_target 82 (reported 2 times)
Processes
1. C:\Users\Admin\AppData\Local\Temp\update2.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\update2.exe"
   PID: 4228
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\wbem\wmic.exe
      Command line: wmic os get oslanguage /FORMAT:LIST
      PID: 2284
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken