Analysis
-
max time kernel
78s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
07-09-2022 12:34
Static task
static1
Behavioral task
behavioral1
Sample
6b960e28fa171f1bbb508fc67e75edac.exe
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
6b960e28fa171f1bbb508fc67e75edac.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
6b960e28fa171f1bbb508fc67e75edac.exe
-
Size
1.6MB
-
MD5
6b960e28fa171f1bbb508fc67e75edac
-
SHA1
db603bfd4026a7fb00740d5074f3cf49c8b45a30
-
SHA256
608a1475e1f6c90de598fb31f7dafe02f0b99a15cf16290041ddfc1a6be9464b
-
SHA512
fa7612d924c428f2cdd6143442f6705c43d35c395df164436b98f1edc3f017b67b20feffa3d924c5c7e6507b16210ff32637de14079194d89264b8773b1c23b7
-
SSDEEP
49152:bNQV3rUrb/TLvO90dL3BmAFd4A64nsfJBX45RgVBSLbDD1:S3rJ9S
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
6b960e28fa171f1bbb508fc67e75edac.exepid process 2124 6b960e28fa171f1bbb508fc67e75edac.exe 2124 6b960e28fa171f1bbb508fc67e75edac.exe -
Suspicious use of WriteProcessMemory 1 IoCs
Processes:
6b960e28fa171f1bbb508fc67e75edac.exedescription pid process target process PID 2124 wrote to memory of 400 2124 6b960e28fa171f1bbb508fc67e75edac.exe Conhost.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\6b960e28fa171f1bbb508fc67e75edac.exe"C:\Users\Admin\AppData\Local\Temp\6b960e28fa171f1bbb508fc67e75edac.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV12⤵