Analysis
max time kernel: 6s
resource: win10v191014
submitted: 13-12-2019 21:54
Task: task1
Sample: 957b2f83291a31e89e55ecd6aab4d31d0f6294f42ced9c334c872cee3b9c5c83
Resource: win10v191014
0 signatures
General
Target: 957b2f83291a31e89e55ecd6aab4d31d0f6294f42ced9c334c872cee3b9c5c83
Sample: 191213-pk8vwpv5ha
SHA256: 957b2f83291a31e89e55ecd6aab4d31d0f6294f42ced9c334c872cee3b9c5c83
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (1 IoCs)
description: PID 5036 wrote to memory of 5064
pid: 5036
Process: SppExtComObj.exe
procid_target: 75
Processes
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\957b2f83291a31e89e55ecd6aab4d31d0f6294f42ced9c334c872cee3b9c5c83
  1
  PID:4928
- C:\Windows\system32\SppExtComObj.exe
  C:\Windows\system32\SppExtComObj.exe -Embedding
  1
  Suspicious use of WriteProcessMemory
  PID:5036
- C:\Windows\System32\SLUI.exe
  "C:\Windows\System32\SLUI.exe" RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
  2
  PID:5064