Analysis
max time kernel: 73s
max time network: 130s
platform: windows10-2004_x64
resource: win10v2004-20220331-en
submitted: 31-03-2022 21:55
Static task: static1

Behavioral task: behavioral1
Sample: tkraw_Protected99.exe
Resource: win7-20220331-en, windows7_x64
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: tkraw_Protected99.exe
Resource: win10v2004-20220331-en, windows10-2004_x64
0 signatures, 0 seconds
General
Target: tkraw_Protected99.exe
Size: 1.9MB
MD5: 71826ba081e303866ce2a2534491a2f7
SHA1: b482d64a43f6bfbf758166ecba680b7f0c59a4f7
SHA256: 62099532750dad1054b127689680c38590033fa0bdfa4fb40c7b4dcb2607fb11
SHA512: c1a3092eb4194fc777f9d681ad2ee98e1a28d9c6decded8f9054806fa4e94c0aaf9d66186c616cca4b5d2111868a3f79a54e4e7b84335579082eeedc7cee372d
Score: 7/10
Malware Config
Signatures

Drops startup file (1 IoC)
Processes: tkraw_Protected99.exe
description: File created
ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogons.url
process: tkraw_Protected99.exe

Suspicious use of FindShellTrayWindow (3 IoCs)
Processes: tkraw_Protected99.exe
pid   process
4212  tkraw_Protected99.exe
4212  tkraw_Protected99.exe
4212  tkraw_Protected99.exe

Suspicious use of SendNotifyMessage (3 IoCs)
Processes: tkraw_Protected99.exe
pid   process
4212  tkraw_Protected99.exe
4212  tkraw_Protected99.exe
4212  tkraw_Protected99.exe