Analysis
max time kernel: 128s
max time network: 134s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 28-03-2022 22:21
Static task: static1
Behavioral task: behavioral1
  Sample: 49f4342e228862604183cbb019d232bd60cba908799b1adbdd57b6b435d076dd.exe
  Resource: win7-20220311-en
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: 49f4342e228862604183cbb019d232bd60cba908799b1adbdd57b6b435d076dd.exe
  Resource: win10v2004-en-20220113
  0 signatures, 0 seconds
General
Target: 49f4342e228862604183cbb019d232bd60cba908799b1adbdd57b6b435d076dd.exe
Size: 1.9MB
MD5: d2f0590df55127f29bc9c984fbf4a45f
SHA1: 3024d55b72ccfea5daabd2e87756e7fd6ff7703e
SHA256: 49f4342e228862604183cbb019d232bd60cba908799b1adbdd57b6b435d076dd
SHA512: 27e446e589dc350382017da11775cf9e8b02c56f26a168f4479f15f4647ee6e0f3bf990bb9cd8a4793aaebc232818d14b488c00a9a4337ef38434a53fb9e7980
Score: 7/10
Malware Config
Signatures
Drops startup file (1 IoC)
  description: File opened for modification
  ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mofcomp.url
  Process: 49f4342e228862604183cbb019d232bd60cba908799b1adbdd57b6b435d076dd.exe
Suspicious use of FindShellTrayWindow (3 IoCs)
  pid 3716, Process 49f4342e228862604183cbb019d232bd60cba908799b1adbdd57b6b435d076dd.exe
  pid 3716, Process 49f4342e228862604183cbb019d232bd60cba908799b1adbdd57b6b435d076dd.exe
  pid 3716, Process 49f4342e228862604183cbb019d232bd60cba908799b1adbdd57b6b435d076dd.exe
Suspicious use of SendNotifyMessage (3 IoCs)
  pid 3716, Process 49f4342e228862604183cbb019d232bd60cba908799b1adbdd57b6b435d076dd.exe
  pid 3716, Process 49f4342e228862604183cbb019d232bd60cba908799b1adbdd57b6b435d076dd.exe
  pid 3716, Process 49f4342e228862604183cbb019d232bd60cba908799b1adbdd57b6b435d076dd.exe
Processes
C:\Users\Admin\AppData\Local\Temp\49f4342e228862604183cbb019d232bd60cba908799b1adbdd57b6b435d076dd.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\49f4342e228862604183cbb019d232bd60cba908799b1adbdd57b6b435d076dd.exe"
  - Drops startup file
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID: 3716