Analysis

  • max time kernel
    152s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    30-06-2022 18:03

General

  • Target

    taskhost.exe

  • Size

    693KB

  • MD5

    d6e447ddcc6f74cac89322ff25e7835e

  • SHA1

    9a419d1a7d4a515d03db7f08fdd27e11ae896b11

  • SHA256

    97be2d515e01ba66091148456b392f7539b43ab1ba412c493107e93aeda1536a

  • SHA512

    f913cac403ff7859dde8f8604617524ddc7227a4477f457b2b9716be7e6ec8b9b2dae2cff75dce4c32f054b561cff224f272af6e4d59df82c1c3cf28ffac645c

Score
8/10

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\taskhost.exe
    "C:\Users\Admin\AppData\Local\Temp\taskhost.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3664-130-0x0000000000B00000-0x0000000000CAF000-memory.dmp
    Filesize

    1.7MB

  • memory/3664-131-0x0000000000B00000-0x0000000000CAF000-memory.dmp
    Filesize

    1.7MB

  • memory/3664-134-0x0000000000B00000-0x0000000000CAF000-memory.dmp
    Filesize

    1.7MB