Analysis
-
max time kernel
533s -
max time network
1445s -
platform
windows7_x64 -
resource
win7-20220310-es -
submitted
20-03-2022 23:40
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://167.89.118.52.80
Resource
win7-20220310-es
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
http://167.89.118.52.80
Resource
win10-20220310-es
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral3
Sample
http://167.89.118.52.80
Resource
win10v2004-es-20220113
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
http://167.89.118.52.80
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
cmd.exepid process 904 cmd.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
taskeng.exedescription pid process target process PID 1860 wrote to memory of 868 1860 taskeng.exe default-browser-agent.exe PID 1860 wrote to memory of 868 1860 taskeng.exe default-browser-agent.exe PID 1860 wrote to memory of 868 1860 taskeng.exe default-browser-agent.exe
Processes
-
C:\Windows\system32\cmd.execmd /c start microsoft-edge:http://167.89.118.52.801⤵
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\system32\taskeng.exetaskeng.exe {DF2DF427-95B1-4277-9A67-67A9B3455DA2} S-1-5-18:NT AUTHORITY\System:Service:1⤵
-
C:\Windows\system32\taskeng.exetaskeng.exe {9F63D49A-2903-4A89-A303-EA04EAA90ABE} S-1-5-21-2932610838-281738825-1127631353-1000:NXLKCZKF\Admin:Interactive:[1]1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\default-browser-agent.exe"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" do-task2⤵