Analysis
- max time kernel: 87s
- max time network: 92s
- platform: windows7_x64
- resource: win7
- submitted: 30-06-2020 14:17
Static task: static1
Behavioral task: behavioral1
- Sample: 06120.PNG.exe
- Resource: win7, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 06120.PNG.exe
- Resource: win10v200430, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: 06120.PNG.exe
- Size: 406KB
- MD5: c3324c44cfabf206b7fa36078943053a
- SHA1: 5d724c0983a2e45630bfe511f8fe72f4b0fa961c
- SHA256: b7a402b7f1f325a60c5e39f8b156735d0eee8310abd57b3522dc529646a6253e
- SHA512: 236d3de94994bd8ae2c4676d85bc0f55a440f39d5550459c95d67fb0eadc660ff0e1963c09e959be9e4ae234c5918db9ce1817368220a99f969d43e913c1168f
Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (5 IoCs)
Processes: 06120.PNG.exe

| pid | process |
| 1492 | 06120.PNG.exe |
| 1492 | 06120.PNG.exe |
| 1492 | 06120.PNG.exe |
| 1492 | 06120.PNG.exe |
| 1492 | 06120.PNG.exe |

- Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: 06120.PNG.exe

| description | pid | process |
| Token: SeDebugPrivilege | 1492 | 06120.PNG.exe |

- Suspicious use of WriteProcessMemory (20 IoCs)
Processes: 06120.PNG.exe

| description | pid | process | target process |
| PID 1492 wrote to memory of 388 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 388 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 388 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 388 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 788 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 788 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 788 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 788 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 336 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 336 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 336 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 336 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 736 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 736 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 736 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 736 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 324 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 324 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 324 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
| PID 1492 wrote to memory of 324 | 1492 | 06120.PNG.exe | 06120.PNG.exe |
Processes
- C:\Users\Admin\AppData\Local\Temp\06120.PNG.exe "C:\Users\Admin\AppData\Local\Temp\06120.PNG.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\06120.PNG.exe "{path}"
  - C:\Users\Admin\AppData\Local\Temp\06120.PNG.exe "{path}"
  - C:\Users\Admin\AppData\Local\Temp\06120.PNG.exe "{path}"
  - C:\Users\Admin\AppData\Local\Temp\06120.PNG.exe "{path}"
  - C:\Users\Admin\AppData\Local\Temp\06120.PNG.exe "{path}"