Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
15-05-2021 15:50
Static task
static1
Behavioral task
behavioral1
Sample
30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe
Resource
win7v20210408
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe
Resource
win10v20210410
0 signatures
0 seconds
General
-
Target
30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe
-
Size
220KB
-
MD5
bab299365c4e69170d72e83eb8fafd37
-
SHA1
89fd7fd6abbe29d17c5e30b09ffb4d0202a27abb
-
SHA256
30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7
-
SHA512
ad7a0fde197d49e935c1768934434d36f23bcc4568c1dc8062a1e297da9b4c83c63647daadfee3f9d600e64c3c9cb97f4685f3df9d1c0cae79bf85894969ed09
Score
8/10
Malware Config
Signatures
-
Adds policy Run key to start application 2 TTPs 4 IoCs
Processes:
30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe" 30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run 30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe" 30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run 30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe -
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Windows\CurrentVersion\Run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe" 30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run 30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe" 30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Windows\CurrentVersion\Run 30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exepid process 1920 30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe -
Suspicious behavior: RenamesItself 1 IoCs
Processes:
30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exepid process 1920 30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exepid process 1920 30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe 1920 30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe"C:\Users\Admin\AppData\Local\Temp\30a0d7df706060884e48e9fbb83d8f33bec89b1179bf778a97dca5dbeec71da7.exe"1⤵
- Adds policy Run key to start application
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx