Analysis

max time kernel:   71s
max time network:  116s
platform:          windows10_x64
resource:          win10
submitted:         02-08-2020 07:31
Static task
static1

Behavioral tasks

task         sample          resource     platform       signatures    duration
behavioral1  itunes.bin.exe  win7v200722  windows7_x64   0 signatures  0 seconds
behavioral2  itunes.bin.exe  win10        windows10_x64  0 signatures  0 seconds

The signatures and process tree below belong to behavioral2 (resource win10, platform windows10_x64), the run identified in the Analysis header above.
General

Target:  itunes.bin.exe
Size:    5.6MB
MD5:     6aa36f386a3e645f67cd6945374b8ea8
SHA1:    17f6d3dedfd6afe56135d3a2e7ae3a7d120151ca
SHA256:  39599008089755aa7cccb534b2c94ccb537f266018bb67ae3ed4b9f51c0a40b9
SHA512:  87f59bb1a8d6887fa967d811e2db70c2bfb9bf9673347c6bada2d03f1e3371fbe05e7853a063a90df71627f9ea803d83c71c89b88859199f5a28e2c05e38d706

Score: 8/10

Malware Config
(none reported)
Signatures

Suspicious use of SetWindowsHookEx (4 IoCs)
  pid    process
  2728   itunes.bin.exe
  2728   itunes.bin.exe
  3848   itunes.exe
  3848   itunes.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description               pid    process
  Token: SeDebugPrivilege   2728   itunes.bin.exe
  Token: SeDebugPrivilege   2728   itunes.bin.exe
  Token: SeDebugPrivilege   3848   itunes.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    process          target process
  PID 2728 wrote to memory of 3848    2728   itunes.bin.exe   itunes.exe
  PID 2728 wrote to memory of 3848    2728   itunes.bin.exe   itunes.exe
  PID 2728 wrote to memory of 3848    2728   itunes.bin.exe   itunes.exe

Executes dropped EXE (1 IoC)
  pid    process
  3848   itunes.exe

Enumerates connected drives (3 TTPs)

Drops desktop.ini file(s) (1 IoC)
  description                    ioc                                   process
  File opened for modification   C:\Users\Admin\Desktop\desktop.ini    itunes.bin.exe

Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
  pid    process
  2728   itunes.bin.exe
  3848   itunes.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid    process
  2728   itunes.bin.exe
  2728   itunes.bin.exe
  3848   itunes.exe
  3848   itunes.exe
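
The signature tables in this report are rendered flat (one token run per row), which makes correlating them by hand error-prone. The Python below is added here by the editor; it is not part of the sandbox report and not code from the analysed sample. It parses the Signatures section verbatim (the REPORT_TEXT block is copied from this page), checks each IoC count against the rows that follow it, rebuilds per-process facts, and derives the one memory-write edge together with the context that matters for triage: the writer held SeDebugPrivilege, the target is the dropped itunes.exe, and the target also hides its threads from a debugger. The row regexes assume the column order the tables show (description, pid, process, then target process or ioc); any row that fits none of those shapes raises instead of being dropped silently.

```python
# Added example by the editor (not code from the sandbox vendor or the sample):
# parse the flattened Signatures tables of this report into per-process facts
# and derive the injection relationship they imply. REPORT_TEXT is copied
# verbatim from the report; the regexes assume its column order.
import re
from dataclasses import dataclass, field

REPORT_TEXT = r"""Suspicious use of SetWindowsHookEx 4 IoCs
2728 itunes.bin.exe
2728 itunes.bin.exe
3848 itunes.exe
3848 itunes.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs
Token: SeDebugPrivilege 2728 itunes.bin.exe
Token: SeDebugPrivilege 2728 itunes.bin.exe
Token: SeDebugPrivilege 3848 itunes.exe
Suspicious use of WriteProcessMemory 3 IoCs
PID 2728 wrote to memory of 3848 2728 itunes.bin.exe itunes.exe
PID 2728 wrote to memory of 3848 2728 itunes.bin.exe itunes.exe
PID 2728 wrote to memory of 3848 2728 itunes.bin.exe itunes.exe
Executes dropped EXE 1 IoCs
3848 itunes.exe
Enumerates connected drives 3 TTPs
Drops desktop.ini file(s) 1 IoCs
File opened for modification C:\Users\Admin\Desktop\desktop.ini itunes.bin.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
2728 itunes.bin.exe
3848 itunes.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
2728 itunes.bin.exe
2728 itunes.bin.exe
3848 itunes.exe
3848 itunes.exe"""

ANTI_DEBUG = "Suspicious use of NtSetInformationThreadHideFromDebugger"
HEADER = re.compile(r"^(.+) (\d+) (IoCs|TTPs)$")         # signature, count, unit
PID_PROC = re.compile(r"^(\d+) (\S+)$")                  # pid process
PRIV = re.compile(r"^Token: (\S+) (\d+) (\S+)$")         # description pid process
WPM = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)$")
FILE_OP = re.compile(r"^(.+?) ([A-Za-z]:\\\S+) (\S+)$")  # description ioc process

@dataclass
class ProcessFacts:
    pid: int
    name: str
    signatures: set = field(default_factory=set)
    privileges: set = field(default_factory=set)
    wrote_to: set = field(default_factory=set)   # pids this process wrote into
    files: set = field(default_factory=set)      # (operation, path) pairs

def parse_report(text):
    """Return {pid: ProcessFacts}; raise if an IoC count disagrees with its rows."""
    procs, name_to_pid, name_only, counts = {}, {}, [], {}
    def facts(pid, name):
        name_to_pid.setdefault(name, int(pid))
        return procs.setdefault(int(pid), ProcessFacts(int(pid), name))
    for line in text.splitlines():
        if m := HEADER.match(line):
            sig, n, unit = m.group(1), int(m.group(2)), m.group(3)
            counts[sig] = [n if unit == "IoCs" else None, 0]   # TTP counts have no rows
            continue
        counts[sig][1] += 1
        if m := WPM.match(line):
            _, target_pid, pid, name, target = m.groups()
            facts(target_pid, target)                 # target exists even without own rows
            facts(pid, name).wrote_to.add(int(target_pid))
        elif m := PRIV.match(line):
            priv, pid, name = m.groups()
            facts(pid, name).privileges.add(priv)
        elif m := PID_PROC.match(line):
            pid, name = m.groups()
        else:                                          # process named but no pid column
            name_only.append((sig, line))
            continue
        facts(pid, name).signatures.add(sig)
    for sig, line in name_only:                        # resolve once every pid is known
        if not (m := FILE_OP.match(line)):
            raise ValueError(f"unrecognised row: {line!r}")
        op, path, name = m.groups()
        facts(name_to_pid[name], name).signatures.add(sig)
        facts(name_to_pid[name], name).files.add((op, path))
    bad = [s for s, (n, seen) in counts.items() if n is not None and n != seen]
    if bad:
        raise ValueError(f"IoC count does not match rows for: {bad}")
    return procs

def injection_edges(procs):
    """Writer->target edges, each with the flags a triager wants next to it."""
    return [{
        "writer": f"{p.name} ({p.pid})", "target": f"{t.name} ({t.pid})",
        "writer_has_sedebug": "SeDebugPrivilege" in p.privileges,
        "target_is_dropped_exe": "Executes dropped EXE" in t.signatures,
        "target_hides_from_debugger": ANTI_DEBUG in t.signatures,
    } for p in sorted(procs.values(), key=lambda x: x.pid)
      for t in (procs[q] for q in sorted(p.wrote_to))]

if __name__ == "__main__":
    by_pid = parse_report(REPORT_TEXT)
    print(*[(p.pid, p.name, sorted(p.signatures), sorted(p.privileges)) for p in by_pid.values()],
          *injection_edges(by_pid), sep="\n")
```

Run stand-alone it prints the two processes with their signature and privilege sets, then a single edge itunes.bin.exe (2728) -> itunes.exe (3848) with all three flags true. The count check is the part worth keeping when scripting against reports of this shape: a header that promises N IoCs but is followed by a different number of parseable rows usually means a row shape you have not handled, and it is better to fail loudly than to lose the row.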
Processes

C:\Users\Admin\AppData\Local\Temp\itunes.bin.exe (PID 2728)
  command line: "C:\Users\Admin\AppData\Local\Temp\itunes.bin.exe"
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - Drops desktop.ini file(s)
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses

  C:\Users\Admin\Documents\itunes.exe (PID 3848, child of itunes.bin.exe)
    command line: "C:\Users\Admin\Documents\itunes.exe"
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of AdjustPrivilegeToken
    - Executes dropped EXE
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses