Analysis
-
max time kernel
140s -
max time network
146s -
platform
windows7_x64 -
resource
win7 -
submitted
08-07-2020 18:29
General
-
Target
AnonymizerGadgetSetup.1.000.1760.exe
-
Size
4.0MB
-
MD5
08d30f125230d7a82f47cee211b6e329
-
SHA1
59ec4f7a2fd0da33ff899079e75f2d0243e1101d
-
SHA256
ccaedac7e0d5d4a655d37d59fb12bfb920785e9c8d0b811dc6ab88d3e1ca6ea0
-
SHA512
b72691281214bad1d30b897e2cef26f57e08a7c3303a1efcae0e546e25a39ae7eb2c4bb504d89b9855d4ec6692b2a91834809f486f230a57577bf390aa3c1b20
Score
8/10
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Kills process with taskkill 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1760.exe"C:\Users\Admin\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1760.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-JTMBT.tmp\AnonymizerGadgetSetup.1.000.1760.tmp"C:\Users\Admin\AppData\Local\Temp\is-JTMBT.tmp\AnonymizerGadgetSetup.1.000.1760.tmp" /SL5="$50132,3746131,118784,C:\Users\Admin\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1760.exe"2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
- Executes dropped EXE
-
C:\Windows\SysWOW64\taskkill.exe"C:\Windows\System32\taskkill.exe" /f /im AnonymizerLauncher.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken