Analysis
-
max time kernel
118s -
max time network
138s -
platform
windows7_x64 -
resource
win7-en-20211014 -
submitted
04-11-2021 14:27
Static task
static1
Behavioral task
behavioral1
Sample
177f3023ad736fa45c52b45259175e70.exe
Resource
win7-en-20211014
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
177f3023ad736fa45c52b45259175e70.exe
Resource
win10-en-20210920
windows10_x64
0 signatures
0 seconds
General
-
Target
177f3023ad736fa45c52b45259175e70.exe
-
Size
13KB
-
MD5
177f3023ad736fa45c52b45259175e70
-
SHA1
16c21613b0f30933dcc206cc9562cb95c28452c8
-
SHA256
45b9e820b3ab997c498a28d59601b1b72fbbf3b9415f8c75843ff24c2b250193
-
SHA512
1c38fb30f6a0eb7652fbc0dd4dc53ee01e9c3780196f9b243c50eabcec0914f51a6ad6e67156d53dc5a21014575adba4d26c61e3b2d08b71f9f80f8c0abc7dbd
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 2 IoCs
Processes:
177f3023ad736fa45c52b45259175e70.exedescription ioc process File created C:\Windows\Tasks\wow64.job 177f3023ad736fa45c52b45259175e70.exe File opened for modification C:\Windows\Tasks\wow64.job 177f3023ad736fa45c52b45259175e70.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
taskeng.exedescription pid process target process PID 776 wrote to memory of 1272 776 taskeng.exe 177f3023ad736fa45c52b45259175e70.exe PID 776 wrote to memory of 1272 776 taskeng.exe 177f3023ad736fa45c52b45259175e70.exe PID 776 wrote to memory of 1272 776 taskeng.exe 177f3023ad736fa45c52b45259175e70.exe PID 776 wrote to memory of 1272 776 taskeng.exe 177f3023ad736fa45c52b45259175e70.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\177f3023ad736fa45c52b45259175e70.exe"C:\Users\Admin\AppData\Local\Temp\177f3023ad736fa45c52b45259175e70.exe"1⤵
- Drops file in Windows directory
PID:1704
-
C:\Windows\system32\taskeng.exetaskeng.exe {33549613-9717-4685-8090-E63AE42EBF40} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
PID:776 -
C:\Users\Admin\AppData\Local\Temp\177f3023ad736fa45c52b45259175e70.exeC:\Users\Admin\AppData\Local\Temp\177f3023ad736fa45c52b45259175e70.exe start2⤵PID:1272
-