Resubmissions
17-01-2022 09:47
220117-lsbfvahch4 10 17-01-2022 09:46
220117-lrzr2shehk 1 17-01-2022 09:40
220117-lnkhyshcf3 10
Analysis
max time kernel: 4264955s
max time network: 10s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 17-01-2022 09:46
Static task
static1
Behavioral task
behavioral1
Sample
10d7529f4fbf887796b8d6110dcf18bc77f9225a8be593235be080caf10b7d74.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
Target: 10d7529f4fbf887796b8d6110dcf18bc77f9225a8be593235be080caf10b7d74.exe
Size: 592KB
MD5: f8e05f051c4151136ab7da1002e4c915
SHA1: 23bd18eee8c7cdc3fe21ecb778af9a89e855b71e
SHA256: 10d7529f4fbf887796b8d6110dcf18bc77f9225a8be593235be080caf10b7d74
SHA512: 427a04103a5fbede6f2ebe2e5e82a5fc4790b5108ac9bb165f96cc04871d655ca12a92d2bbaea13491a56e76122aa0412595613560e392fa1a7365c81e829463
Score: 1/10
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes: taskmgr.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes: taskmgr.exe
pid | process
632 | taskmgr.exe
632 | taskmgr.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes: taskmgr.exe
description | pid | process
Token: SeDebugPrivilege | 632 | taskmgr.exe
Token: SeSystemProfilePrivilege | 632 | taskmgr.exe
Token: SeCreateGlobalPrivilege | 632 | taskmgr.exe
Suspicious use of FindShellTrayWindow 14 IoCs
Processes: taskmgr.exe
pid | process
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
Suspicious use of SendNotifyMessage 14 IoCs
Processes: taskmgr.exe
pid | process
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
632 | taskmgr.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\10d7529f4fbf887796b8d6110dcf18bc77f9225a8be593235be080caf10b7d74.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\10d7529f4fbf887796b8d6110dcf18bc77f9225a8be593235be080caf10b7d74.exe"
  PID: 2620
- C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  Signatures:
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID: 632
Network
MITRE ATT&CK Enterprise v6
Downloads
- memory/2620-130-0x0000000000570000-0x000000000060A000-memory.dmp  Filesize: 616KB
- memory/2620-131-0x0000000000570000-0x000000000060A000-memory.dmp  Filesize: 616KB
- memory/2620-132-0x00000000055B0000-0x0000000005B54000-memory.dmp  Filesize: 5.6MB
- memory/2620-133-0x0000000005000000-0x0000000005092000-memory.dmp  Filesize: 584KB