Analysis
-
max time kernel
117s -
max time network
122s -
platform
windows7_x64 -
resource
win7 -
submitted
16-07-2020 12:55
General
-
Target
Tracking No_SINI0068206497.exe
-
Size
665KB
-
MD5
e0dc70ee903578f318c13508b381f133
-
SHA1
1ec861971ae1243f1ea9b0d3005c98e80b497315
-
SHA256
0de5e6783719c4d59f57de40f09ed2cfaa14914a9f47762fd1c7190391b939a8
-
SHA512
26a139bc6d81d9c9b12a752c554a7e89a0754032f5c5dfc7d572c35c4ea64d3826c237a6dc32b26b0d6e8157c69f0a1b2231379b61ed3967f5464722190f441f
Score
6/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Tracking No_SINI0068206497.exe"C:\Users\Admin\AppData\Local\Temp\Tracking No_SINI0068206497.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v kasmir /t REG_SZ /d C:\Windows\system32\pcalua.exe" -a C:\Users\Admin\Desktop\kasmir"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v kasmir /t REG_SZ /d C:\Windows\system32\pcalua.exe" -a C:\Users\Admin\Desktop\kasmir"3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\kasmir2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Modifies registry class
-