Analysis
max time kernel: 143s
max time network: 148s
platform: windows7_x64
resource: win7v20210410
submitted: 13-07-2021 19:12
Static task: static1
Behavioral task: behavioral1
  Sample: socks.exe
  Resource: win7v20210410 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: socks.exe
  Resource: win10v20210408 (windows10_x64)
  0 signatures, 0 seconds
General
Target: socks.exe
Size: 13KB
MD5: fca6b8e7be21756ad15b863efe86d4f4
SHA1: 787885416d0f6a09f7691e9703fa6f9cceba45b3
SHA256: 1aef94e54c1af9a8d0c4fa4cbdc602c025a2b10a097e87184ceb89e124d26e6a
SHA512: 105b18a82c07bb4d162e507a34a16edda164dedf44b97dba90100927bae4ad48bd6762c220285bc7a25c01620fccbba7cc0eb2992d26aa210bb7bd3320e1152a
Score: 4/10
Malware Config
Signatures
Drops file in Windows directory (2 IoCs)
Processes: socks.exe
  description                    ioc                          process
  File created                   C:\Windows\Tasks\wow64.job   socks.exe
  File opened for modification   C:\Windows\Tasks\wow64.job   socks.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: taskeng.exe
  description                       pid   process       target process
  PID 344 wrote to memory of 1072   344   taskeng.exe   socks.exe
  PID 344 wrote to memory of 1072   344   taskeng.exe   socks.exe
  PID 344 wrote to memory of 1072   344   taskeng.exe   socks.exe
  PID 344 wrote to memory of 1072   344   taskeng.exe   socks.exe
Processes
C:\Users\Admin\AppData\Local\Temp\socks.exe
  "C:\Users\Admin\AppData\Local\Temp\socks.exe"
  - Drops file in Windows directory
C:\Windows\system32\taskeng.exe
  taskeng.exe {4A6A8616-EAA6-4C61-94A2-D26A1691510F} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\socks.exe
      C:\Users\Admin\AppData\Local\Temp\socks.exe start