Analysis
- max time kernel: 239s
- max time network: 294s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 20-05-2022 12:22
Static task: static1

Behavioral task: behavioral1
- Sample: intelsoftwareassetmanagerservice.exe
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: intelsoftwareassetmanagerservice.exe
- Resource: win10v2004-20220414-en
- Platform: windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: intelsoftwareassetmanagerservice.exe
- Size: 3.1MB
- MD5: 5bdebce7118d30a387fec0f9329c5437
- SHA1: 83a66c54772017c6fa0e243bcf5bbfebd2c29518
- SHA256: b8f8ddaba5754af65c9b7c762d69e1b2bd3702307c41589977759d813bf78635
- SHA512: 96676730f1529972ee7f6582d43d856ffeed4706d26042c961ed14598eb03c0be410c1fe4d993b5a2eb594a7de0eba5b9004c713e29ae7e932947beda1de80b4
- Score: 1/10
Malware Config
Signatures
- Modifies Internet Explorer settings
  Processes: explorer.exe
  description | ioc | process
  - Set value (int) | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | explorer.exe
  - Key created | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Toolbar | explorer.exe

- Modifies registry class (5 IoCs)
  Processes: explorer.exe
  description | ioc | process
  - Key created | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | explorer.exe
  - Key created | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | explorer.exe
  - Set value (data) | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | explorer.exe
  - Set value (data) | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | explorer.exe
  - Key created | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings | explorer.exe

- Opens file in notepad (likely ransom note) (1 IoC)
  Processes: NOTEPAD.EXE
  pid | process
  - 3904 | NOTEPAD.EXE

- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  Processes: explorer.exe
  pid | process
  - 2128 | explorer.exe

- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: svchost.exe, explorer.exe
  description | pid | process
  - Token: SeManageVolumePrivilege | 4240 | svchost.exe
  - Token: SeShutdownPrivilege | 2128 | explorer.exe
  - Token: SeCreatePagefilePrivilege | 2128 | explorer.exe

- Suspicious use of FindShellTrayWindow (1 IoC)
  Processes: explorer.exe
  pid | process
  - 2128 | explorer.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\intelsoftwareassetmanagerservice.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\intelsoftwareassetmanagerservice.exe"

- C:\Windows\system32\NOTEPAD.EXE
  Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ShowSplit.txt
  - Opens file in notepad (likely ransom note)

- C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc

- C:\Windows\system32\rundll32.exe
  Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

- C:\Windows\System32\svchost.exe
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  - Suspicious use of AdjustPrivilegeToken

- C:\Windows\SysWOW64\DllHost.exe
  Command line: C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

- C:\Windows\explorer.exe
  Command line: C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow