Analysis
max time kernel: 119s
max time network: 119s
platform: windows10_x64
resource: win10-en-20211208
submitted: 25-01-2022 07:53
Static task: static1

Behavioral task: behavioral1
Sample: BANK SLIP.exe
Resource: win7-en-20211208, windows7_x64
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: BANK SLIP.exe
Resource: win10-en-20211208, windows10_x64
0 signatures, 0 seconds
General
Target: BANK SLIP.exe
Size: 574KB
MD5: e31713764cfbbbe5c54f25a5cdeff52c
SHA1: 5af188609cc8e2eac3795480ec9d1edd21489450
SHA256: a4cb158cc6b760f0e208da10143b34039f21e496d85d87303e7bf66045edbdd9
SHA512: 268cb7bc06d4ef647af1dfb7db6bfb8c2ca50ef75f63455f3f0ca8a55dc7d1c8c1b7d175d54ecbbc5f2baab22519b98688f64824924ca3c14c815735ce9338fa
Score: 1/10
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes: BANK SLIP.exe
  pid   process
  2264  BANK SLIP.exe
  2264  BANK SLIP.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes: BANK SLIP.exe
  description              pid   process
  Token: SeDebugPrivilege  2264  BANK SLIP.exe

Suspicious use of WriteProcessMemory 3 IoCs
Processes: BANK SLIP.exe
  description                       pid   process        target process
  PID 2264 wrote to memory of 3044  2264  BANK SLIP.exe  aspnet_compiler.exe
  PID 2264 wrote to memory of 3044  2264  BANK SLIP.exe  aspnet_compiler.exe
  PID 2264 wrote to memory of 3044  2264  BANK SLIP.exe  aspnet_compiler.exe
Processes

"C:\Users\Admin\AppData\Local\Temp\BANK SLIP.exe"
  PID: 2264
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
    PID: 3044