Analysis
- max time kernel: 43s
- platform: windows11-21h2_x64
- resource: win11-20240419-en
- resource tags: arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 27-04-2024 22:17
Static task: static1
- 1 signatures
Behavioral task: behavioral1
- Sample: BoostTool.exe
- Resource: win10v2004-20240419-en (windows10-2004-x64)
- 1 signatures
- 60 seconds
Behavioral task: behavioral2
- Sample: BoostTool.exe
- Resource: win11-20240419-en (windows11-21h2-x64)
- 1 signatures
- 60 seconds
General
- Target: BoostTool.exe
- Size: 13.3MB
- MD5: 342a8574c1810f446d50e338e2387cff
- SHA1: 3d528af95a0ab4924e903cf42d121985c386d300
- SHA256: f84d3cc85b7295ab59906d9c3305be94d8ad71a4261685118bee231c86e7b171
- SHA512: 7982ac87853e675f34772be5d7bca6387cddf23780fd575dff2d7b640a06f1089fafebce00fdb47977014ab4081c8c11f9a3192d4d2a94489e580ff7248a6e2d
- SSDEEP: 98304:f7utmPlS1RecMcjj6NQM0Efw4HbSMWQOfQtwZbF2/2PHGFJvGw+gweY6:fLPlS1Ra+j6NhfdgvQt4F2/2vM5Gwce
- Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (10 IoCs)
  Processes: BoostTool.exe
  description                        pid   process        target process
  PID 3884 wrote to memory of 3084   3884  BoostTool.exe  cmd.exe
  PID 3884 wrote to memory of 3084   3884  BoostTool.exe  cmd.exe
  PID 3884 wrote to memory of 4176   3884  BoostTool.exe  cmd.exe
  PID 3884 wrote to memory of 4176   3884  BoostTool.exe  cmd.exe
  PID 3884 wrote to memory of 3396   3884  BoostTool.exe  cmd.exe
  PID 3884 wrote to memory of 3396   3884  BoostTool.exe  cmd.exe
  PID 3884 wrote to memory of 4516   3884  BoostTool.exe  cmd.exe
  PID 3884 wrote to memory of 4516   3884  BoostTool.exe  cmd.exe
  PID 3884 wrote to memory of 1116   3884  BoostTool.exe  cmd.exe
  PID 3884 wrote to memory of 1116   3884  BoostTool.exe  cmd.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\BoostTool.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\BoostTool.exe"
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe
    Command line: cmd /c cls
  - C:\Windows\system32\cmd.exe
    Command line: cmd /c cls
  - C:\Windows\system32\cmd.exe
    Command line: cmd /c cls
  - C:\Windows\system32\cmd.exe
    Command line: cmd /c cls
  - C:\Windows\system32\cmd.exe
    Command line: cmd /c cls