8e0543407eeeae125e31d12c41c6678eb46dd8737ed58e5a17a6ff48bd56fd6a

Analysis

max time kernel
15s
max time network
24s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e@zy_start.exe
Size

782.4MB
MD5

0db1b5fae054951e07208f6fa22367ad
SHA1

b21a2f734293aa21acbefb814043d55a74616a7a
SHA256

70a6a3cd35cf1f118f749b8557301ae3f9e477edb3eceaaea7c6b030fb5963b9
SHA512

625e6090010212eb52201cb5a3cd48752a2feab57037f8a54f2472b0b8428ee20b444d7cdcb9fa42b443c4e79767b87b47dc3aeb1044c2e2a7ba699e0ee126b0
SSDEEP

98304:YkQIzJ7T7q/ap2fZAq0G+qkct8lGgXMcYc9cDcYc9cDcYc9cDcYc9cDcYc9cDcYt:YkQINn7q/BSxGBktFc

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

e@zy_start.exe

pid process

2696 e@zy_start.exe
2696 e@zy_start.exe
2696 e@zy_start.exe
2696 e@zy_start.exe
2696 e@zy_start.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

e@zy_start.exe

description pid process

Token: SeDebugPrivilege 2696 e@zy_start.exe

pid	process
2696	e@zy_start.exe
2696	e@zy_start.exe
2696	e@zy_start.exe
2696	e@zy_start.exe
2696	e@zy_start.exe

description	pid	process
Token: SeDebugPrivilege	2696	e@zy_start.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

e@zy_start.exe

description	pid	process	target process
PID 2696 wrote to memory of 2536	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2536	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2536	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2536	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2604	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2604	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2604	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2604	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2940	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2940	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2940	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2940	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2988	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2988	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2988	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2988	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2528	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2528	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2528	2696	e@zy_start.exe	e@zy_start.exe
PID 2696 wrote to memory of 2528	2696	e@zy_start.exe	e@zy_start.exe

C:\Users\Admin\AppData\Local\Temp\e@zy_start.exe
"C:\Users\Admin\AppData\Local\Temp\e@zy_start.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2696

C:\Users\Admin\AppData\Local\Temp\e@zy_start.exe
"C:\Users\Admin\AppData\Local\Temp\e@zy_start.exe"
2⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\e@zy_start.exe
"C:\Users\Admin\AppData\Local\Temp\e@zy_start.exe"
2⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\e@zy_start.exe
"C:\Users\Admin\AppData\Local\Temp\e@zy_start.exe"
2⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\e@zy_start.exe
"C:\Users\Admin\AppData\Local\Temp\e@zy_start.exe"
2⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\e@zy_start.exe
"C:\Users\Admin\AppData\Local\Temp\e@zy_start.exe"
2⤵
PID:2528

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2696-0-0x00000000748AE000-0x00000000748AF000-memory.dmp

Filesize
4KB

Download
memory/2696-1-0x0000000000170000-0x000000000060E000-memory.dmp

Filesize
4.6MB

Download
memory/2696-2-0x00000000748A0000-0x0000000074F8E000-memory.dmp

Filesize
6.9MB

Download
memory/2696-3-0x0000000004F90000-0x000000000510A000-memory.dmp

Filesize
1.5MB

Download
memory/2696-4-0x0000000000770000-0x000000000078C000-memory.dmp

Filesize
112KB

Download
memory/2696-5-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-50-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-44-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-64-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-63-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-60-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-58-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-56-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-54-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-52-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-48-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-46-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-42-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-40-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-38-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-36-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-32-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-30-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-28-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-26-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-24-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-22-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-65-0x00000000748A0000-0x0000000074F8E000-memory.dmp

Filesize
6.9MB

Download
memory/2696-20-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-19-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-16-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-14-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-12-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-10-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-8-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-7-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-34-0x0000000000770000-0x0000000000785000-memory.dmp

Filesize
84KB

Download
memory/2696-66-0x00000000748A0000-0x0000000074F8E000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads