Analysis

Max time kernel: 151s
Max time network: 188s
Platform: windows7_x64
Resource: win7-20220414-en
Submitted: 12-06-2022 22:29

Static task: static1
Behavioral task: behavioral1
  Sample: 1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe.exe
  Resource: win7-20220414-en
0 signatures, 0 seconds
General

Target: 1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe.exe
Size: 574KB
MD5: c567544f04e0e104ef71bf7ffd110629
SHA1: d184d4d7b3fad6a8a014637d66d8ab52f0e516c1
SHA256: 1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe
SHA512: c04616198f7c88070eb95fe965ccc8033b32d0dd9925b84cfd5489aa2d429cc4d8ce8b3c8b0b6abc2f52c9cdc8cf44b94021859f7bdef28a1a3461af8fcb7ebe
Malware Config
Signatures

Suspicious use of SetThreadContext (1 IoC)
  PID 756 set thread context of 1116
    pid 756 | process 1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe.exe | procid_target 28

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
    pid 1116 | process 1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Token: SeDebugPrivilege
    pid 1116 | process 1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe.exe
  Token: 33 (privilege LUID 33, which Windows names SeIncreaseWorkingSetPrivilege)
    pid 1116 | process 1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe.exe
  Token: SeIncBasePriorityPrivilege
    pid 1116 | process 1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe.exe

Suspicious use of SetWindowsHookEx (1 IoC)
    pid 1116 | process 1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe.exe

Suspicious use of WriteProcessMemory (9 IoCs)
  PID 756 wrote to memory of 1116 (recorded 9 times)
    pid 756 | process 1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe.exe | procid_target 28

procid_target is the sandbox's own sequential index for the target process, not a Windows PID.

Read together, the rows describe one sequence: the parent (PID 756) started a second copy of its own image (PID 1116), wrote into it nine times and then changed its thread context. That is the footprint of process hollowing / RunPE-style self-injection, where a suspended child is overwritten with a different payload and resumed at the new entry point. It is the injected copy, not the parent, that then enabled SeDebugPrivilege, installed a hook with SetWindowsHookEx and repeatedly queried the foreground window; that combination is characteristic of keystroke and window-title capture, although the report alone does not identify a family.
Processes

C:\Users\Admin\AppData\Local\Temp\1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe.exe (PID 756)
  command line: "C:\Users\Admin\AppData\Local\Temp\1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  └ C:\Users\Admin\AppData\Local\Temp\1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe.exe (PID 1116, child of 756)
      command line: "{path}" (the literal string "{path}", not the file path, is what the sandbox recorded as the child's command line; the image path is the same file as the parent)
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of SetWindowsHookEx

C:\Windows\system32\wbem\WmiApSrv.exe (PID 2004)
  command line: C:\Windows\system32\wbem\WmiApSrv.exe
  top-level process, not a child of the sample; no signatures attributed to it
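The pattern the signatures and process tree describe (a parent writing into, and then setting the thread context of, a child that runs the parent's own image) can be checked mechanically. The script below is an added example, not part of this report and not Triage's own code: it parses rows in the wording the report uses ("PID X wrote to memory of Y", "PID X set thread context of Y", "Token: NAME PID"), joins them with the process list, and reports each parent/child pair that received both a memory write and a thread-context change. The input rows and process list are constructed from the values in the report above, not captured from a live system; the confidence labels are the example's own convention.

```python
"""Flag hollowing-style self-injection from sandbox-report signature rows.

Added example, not part of the Triage report and not Triage's code. Row
wording and sample values are taken from the report; the rows below are
constructed for this example rather than captured from a running system.
"""
import re
from collections import defaultdict

# Constructed from the report: image path per PID.
SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\1e1394309a44fe57f7dc501902112987bf6a5d6a3e180758bfb1cd9928fe04fe.exe")
PROCESSES = {
    756: SAMPLE_EXE,                                  # parent
    1116: SAMPLE_EXE,                                 # child launched as "{path}"
    2004: r"C:\Windows\system32\wbem\WmiApSrv.exe",   # unrelated service
}

# Constructed rows, one per IoC listed in the report's signature tables.
SIGNATURE_ROWS = (
    ["PID 756 set thread context of 1116"]
    + ["PID 756 wrote to memory of 1116"] * 9
    + ["Token: SeDebugPrivilege 1116",
       "Token: 33 1116",
       "Token: SeIncBasePriorityPrivilege 1116"]
)

CROSS_RE = re.compile(r"PID (\d+) (wrote to memory of|set thread context of) (\d+)")
TOKEN_RE = re.compile(r"Token: (\S+) (\d+)")


def parse_rows(rows):
    """Group cross-process events by (source pid, target pid) and
    privilege adjustments by the pid that made them."""
    cross = defaultdict(lambda: {"write": 0, "context": 0})
    privs = defaultdict(set)
    for row in rows:
        m = CROSS_RE.search(row)
        if m:
            src, verb, dst = int(m.group(1)), m.group(2), int(m.group(3))
            cross[(src, dst)]["write" if verb.startswith("wrote") else "context"] += 1
            continue
        m = TOKEN_RE.search(row)
        if m:
            privs[int(m.group(2))].add(m.group(1))
    return dict(cross), dict(privs)


def find_hollowing(processes, rows):
    """One finding per (source, target) pair that received both a memory
    write and a thread-context change from the same source process.

    Writes alone are not enough: other injection styles and even benign
    tooling write into foreign processes. The thread-context change is
    what marks hollowing/RunPE, and a target running the source's own
    image raises the confidence further.
    """
    cross, privs = parse_rows(rows)
    findings = []
    for (src, dst), n in cross.items():
        if not (n["write"] and n["context"]):
            continue
        same_image = processes.get(src) == processes.get(dst)
        findings.append({
            "parent": src,
            "child": dst,
            "image": processes.get(dst),
            "same_image": same_image,
            "writes": n["write"],
            "context_sets": n["context"],
            "child_privileges": sorted(privs.get(dst, ())),
            "confidence": "high" if same_image else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in find_hollowing(PROCESSES, SIGNATURE_ROWS):
        print(f"{f['confidence']}: {f['parent']} -> {f['child']} "
              f"({f['writes']} writes, {f['context_sets']} context set(s), "
              f"same image={f['same_image']}, child privs={f['child_privileges']})")
```

Run as-is it reports a single high-confidence finding for 756 -> 1116 with nine writes, one context change and the three privileges the child adjusted; WmiApSrv.exe (PID 2004) is never touched and so never appears. The same join applies to any telemetry that records the source and target of cross-process writes and thread-context changes; the report rows are simply the most compact form of it.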