Analysis
max time kernel: 141s
max time network: 125s
platform: windows7_x64
resource: win7-en-20211208
submitted: 13-02-2022 05:25
Static task: static1

Behavioral task: behavioral1
Sample: f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe
Resource: win7-en-20211208 (windows7_x64)
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe
Resource: win10v2004-en-20220112 (windows10-2004_x64)
0 signatures
0 seconds
General
Target: f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe
Size: 476KB
MD5: 0cf86ddb6e5ca2ae5be3c74de69ab646
SHA1: 227135aa5a53d53b044d19102cf91263f8317e02
SHA256: f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5
SHA512: 6cb714e80b4e7d2e5c3bf227a1a92e0e275ed3e2e593efe94d7222e2cc73f2217c67edc4517a8dddf6ecf8b2737a57725fb8c8b73bca56e5f585fb11371c3b0d
Score: 6/10
Malware Config
Signatures
Adds Run key to start application (2 TTPs, 2 IoCs)
Processes: f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-3846991908-3261386348-1409841751-1000\Software\Microsoft\Windows\CurrentVersion\Run\f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe" | f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe
Key created | \REGISTRY\USER\S-1-5-21-3846991908-3261386348-1409841751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes: f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe
pid | process
1576 | f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe
Processes
C:\Users\Admin\AppData\Local\Temp\f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe
"C:\Users\Admin\AppData\Local\Temp\f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe"
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
PID: 1576