Analysis
-
max time kernel
80s -
max time network
120s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
14-10-2021 06:36
General
-
Target
services.exe
-
Size
9.1MB
-
MD5
b3e5debd7d5b6ed4c78a092d66b5be41
-
SHA1
802453435b6f5321a0bff4e9d32ff7a4dee3c784
-
SHA256
95de9b9ee0e8194cb2733def70e428b7c25c47c2b7bb407226fc2dd3695ccd82
-
SHA512
b13de41b4fcb3f38fcc19f39e0dddae25564cdb7ee59f865fe6eb83b7bada349924cdc6697b5187a81dcae3952328a3c79615c7bfadeedb96d030f744cfee80b
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 2 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 41 IoCs
-
Suspicious use of SendNotifyMessage 40 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\services.exe"C:\Users\Admin\AppData\Local\Temp\services.exe"1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage