Analysis
- max time kernel: 61s
- max time network: 137s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 12-09-2022 01:50
Behavioral task: behavioral1
- Sample: 1be6092e32956e83b99c3dc7c66603c7.exe
- Resource: win7-20220812-en
- windows7-x64
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 1be6092e32956e83b99c3dc7c66603c7.exe
- Resource: win10v2004-20220812-en
- windows10-2004-x64
- 1 signatures
- 150 seconds
General
- Target: 1be6092e32956e83b99c3dc7c66603c7.exe
- Size: 13KB
- MD5: 1be6092e32956e83b99c3dc7c66603c7
- SHA1: 92d942f9eba3c7146588f56d33a32262e042091d
- SHA256: 8dc6a4ee7b41ba73197485e2b685f7f82e9889b2e544269eabcc5c6c1cb8bac7
- SHA512: 9dbafbd83acf41cddf6da38f984e09a35d2639f326988845d91d80c2e449b3284c17d601d4f27eb1059a9122f719eeabdd3387aceb9c0c9eed2cca01c812e91e
- SSDEEP: 192:6kWjQTlZ1eB+pvdNtj2+SPwHP+Q/ZCv2qwvuCKK76n9bJHOkrUNn:6kjTlZ02NtvSKP+cZC+qwZPGn9bJrUN
Score: 4/10
Malware Config
Signatures
- Drops file in Windows directory (2 IoCs)
  Processes: 1be6092e32956e83b99c3dc7c66603c7.exe
  description | ioc | process
  File opened for modification | C:\Windows\Tasks\wow64.job | 1be6092e32956e83b99c3dc7c66603c7.exe
  File created | C:\Windows\Tasks\wow64.job | 1be6092e32956e83b99c3dc7c66603c7.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: taskeng.exe
  description | pid | process | target process
  PID 1688 wrote to memory of 1732 | 1688 | taskeng.exe | 1be6092e32956e83b99c3dc7c66603c7.exe
  PID 1688 wrote to memory of 1732 | 1688 | taskeng.exe | 1be6092e32956e83b99c3dc7c66603c7.exe
  PID 1688 wrote to memory of 1732 | 1688 | taskeng.exe | 1be6092e32956e83b99c3dc7c66603c7.exe
  PID 1688 wrote to memory of 1732 | 1688 | taskeng.exe | 1be6092e32956e83b99c3dc7c66603c7.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\1be6092e32956e83b99c3dc7c66603c7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1be6092e32956e83b99c3dc7c66603c7.exe"
  - Drops file in Windows directory
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {961439BC-D9C1-4BBA-84D6-5DEC11010287} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\1be6092e32956e83b99c3dc7c66603c7.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\1be6092e32956e83b99c3dc7c66603c7.exe start