Analysis
- max time kernel: 46s
- max time network: 11s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 03/12/2020, 08:08
Static task: static1
Behavioral task: behavioral1
- Sample: vessel details.exe
- Resource: win7v20201028
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: vessel details.exe
- Resource: win10v20201028
- 0 signatures
- 0 seconds
General
- Target: vessel details.exe
- Size: 789KB
- MD5: 5d6a6b01f67747c89c39dbb8b518b506
- SHA1: c2e75814f6f08d5edee2b3776131ddb1cb42d78b
- SHA256: 72072c06a5fe2aa1ebf6d2d0b8882c1e11565bed693b2cff1be63a228b26886b
- SHA512: e799e688ce7c0596bdaaac81eac31c061acef226e37a784d0604bf2a0dd421b90b8962668bdd564bd35fa7f7cb5105d155efc7d342f3ecd1579db9ca724b3335
Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  1640  vessel details.exe
  1640  vessel details.exe
  1640  vessel details.exe
  1640  vessel details.exe
  1640  vessel details.exe
  1640  vessel details.exe
  1640  vessel details.exe
  1640  vessel details.exe
  1640  vessel details.exe
  1640  vessel details.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   Process
  Token: SeDebugPrivilege  1640  vessel details.exe
- Suspicious use of WriteProcessMemory (20 IoCs)
  description                       pid   Process             procid_target
  PID 1640 wrote to memory of 1624  1640  vessel details.exe  29
  PID 1640 wrote to memory of 1624  1640  vessel details.exe  29
  PID 1640 wrote to memory of 1624  1640  vessel details.exe  29
  PID 1640 wrote to memory of 1624  1640  vessel details.exe  29
  PID 1640 wrote to memory of 1744  1640  vessel details.exe  30
  PID 1640 wrote to memory of 1744  1640  vessel details.exe  30
  PID 1640 wrote to memory of 1744  1640  vessel details.exe  30
  PID 1640 wrote to memory of 1744  1640  vessel details.exe  30
  PID 1640 wrote to memory of 1092  1640  vessel details.exe  31
  PID 1640 wrote to memory of 1092  1640  vessel details.exe  31
  PID 1640 wrote to memory of 1092  1640  vessel details.exe  31
  PID 1640 wrote to memory of 1092  1640  vessel details.exe  31
  PID 1640 wrote to memory of 1088  1640  vessel details.exe  32
  PID 1640 wrote to memory of 1088  1640  vessel details.exe  32
  PID 1640 wrote to memory of 1088  1640  vessel details.exe  32
  PID 1640 wrote to memory of 1088  1640  vessel details.exe  32
  PID 1640 wrote to memory of 1084  1640  vessel details.exe  33
  PID 1640 wrote to memory of 1084  1640  vessel details.exe  33
  PID 1640 wrote to memory of 1084  1640  vessel details.exe  33
  PID 1640 wrote to memory of 1084  1640  vessel details.exe  33
Processes
- C:\Users\Admin\AppData\Local\Temp\vessel details.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\vessel details.exe"
  PID: 1640
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\vessel details.exe (level 2)
    Command line: "{path}"
    PID: 1624
  - C:\Users\Admin\AppData\Local\Temp\vessel details.exe (level 2)
    Command line: "{path}"
    PID: 1744
  - C:\Users\Admin\AppData\Local\Temp\vessel details.exe (level 2)
    Command line: "{path}"
    PID: 1092
  - C:\Users\Admin\AppData\Local\Temp\vessel details.exe (level 2)
    Command line: "{path}"
    PID: 1088
  - C:\Users\Admin\AppData\Local\Temp\vessel details.exe (level 2)
    Command line: "{path}"
    PID: 1084