Analysis
max time kernel: 4264997s
max time network: 58s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 14-01-2022 14:28
Static task: static1

Behavioral task: behavioral1
Sample: 7ebf41b7e0d24473f2ad0b25e354f615.exe
Resource: win7-en-20211208, windows7_x64
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 7ebf41b7e0d24473f2ad0b25e354f615.exe
Resource: win10v2004-en-20220113, windows10-2004_x64
0 signatures, 0 seconds
General
Target: 7ebf41b7e0d24473f2ad0b25e354f615.exe
Size: 1.0MB
MD5: 7ebf41b7e0d24473f2ad0b25e354f615
SHA1: 6e9c110ed531f7239ff849a6b7c998d1c958f2d8
SHA256: 15cea3c23e9d0f1ec3a748746bd425d642ae25b042b1b36c8364f721235f0f0d
SHA512: 83dc1c23462f6f647d049214d9dba23874f3a1ba75815476107a0ffba769521d085a0e831132c09e02fe596290d1ec2ba954d26ec4d51cf7ee8636c2c5d2a24d
Score: 1/10
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: MusNotification.exe
  description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz; process: MusNotification.exe
  description: Key opened; ioc: \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0; process: MusNotification.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes: MusNotification.exe
  description: Token: SeShutdownPrivilege; pid: 1440; process: MusNotification.exe
  description: Token: SeCreatePagefilePrivilege; pid: 1440; process: MusNotification.exe
Processes
C:\Users\Admin\AppData\Local\Temp\7ebf41b7e0d24473f2ad0b25e354f615.exe
  "C:\Users\Admin\AppData\Local\Temp\7ebf41b7e0d24473f2ad0b25e354f615.exe"

C:\Windows\system32\MusNotification.exe
  C:\Windows\system32\MusNotification.exe
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken