Analysis

- max time kernel: 45s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 15-09-2022 17:54

- Static task: static1
- Behavioral task: behavioral1
  - Sample: sample catalog2022.exe
  - Resource: win7-20220901-en (windows7-x64)
  - 3 signatures
  - 150 seconds
General

- Target: sample catalog2022.exe
- Size: 288KB
- MD5: f0e10bf42bfb76de46b122a9ab381e1f
- SHA1: 510a22752b3624bb71ab9c198c876b13cd6be9e1
- SHA256: 5e6ca13143ba73ac8595785c5741f5da0505c0155140d63852aa6d1e74fc081f
- SHA512: f6e5ce2530615213a69cc1494667aed3e6b01321aba02c75c4cbb126ef130e8deb1ddd3c23fe73d2de2009dd75dd6c288ee935df1b4471249d5c04e68ae52790
- SSDEEP: 6144:JH/k7Gstb+5NcvahAKNRqF3hfvAoKqS8bZufRuV8vfBG:Jfkvw5mahbPqnQWv8vfc
Score: 1/10

Malware Config
- none extracted

Signatures

- Suspicious behavior: EnumeratesProcesses (5 IoCs)
  Processes:
    pid   process
    1696  sample catalog2022.exe
    1696  sample catalog2022.exe
    1696  sample catalog2022.exe
    1696  sample catalog2022.exe
    1696  sample catalog2022.exe

- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description              pid   process
    Token: SeDebugPrivilege  1696  sample catalog2022.exe

- Suspicious use of WriteProcessMemory (20 IoCs)
  Processes:
    description                       pid   process                 target process
    PID 1696 wrote to memory of 1992  1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 1992  1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 1992  1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 1992  1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 1160  1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 1160  1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 1160  1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 1160  1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 544   1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 544   1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 544   1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 544   1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 1124  1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 1124  1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 1124  1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 1124  1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 976   1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 976   1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 976   1696  sample catalog2022.exe  cvtres.exe
    PID 1696 wrote to memory of 976   1696  sample catalog2022.exe  cvtres.exe
Processes

Tree depth is shown by indentation: the five cvtres.exe entries are children of the sample. Each entry gives the image path and the command line.

- C:\Users\Admin\AppData\Local\Temp\sample catalog2022.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\sample catalog2022.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
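The three signatures and the process tree above, read together, describe one pattern: the sample enables SeDebugPrivilege, spawns five copies of cvtres.exe with no arguments (a compiler helper that is normally run by csc.exe with a command line), and writes four times into the memory of each child. The following script is an added example written for this page, not the sandbox's own detection logic. It parses the report's IoC rows and process-tree entries and applies an editor-defined heuristic for process hollowing: a SeDebugPrivilege holder that repeatedly writes into argument-less children whose image is a .NET Framework binary. The list of .NET host binaries, the minimum-write threshold, and the mapping of tree children to write targets by image name (the tree does not list child PIDs) are assumptions, as is the rule that the target process name carries no spaces.

```python
"""Correlate sandbox 'Signatures' IoC rows into a process-hollowing heuristic.

Added example for this report; it is not the sandbox's own logic. The
rule is the editor's: a process that enables SeDebugPrivilege and then
writes repeatedly into the memory of child processes it spawned, where
each child is a .NET Framework helper launched with an empty command
line, is a candidate for process hollowing and deserves manual triage
whatever the headline score says.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from ntpath import basename

# --- input reconstructed from this report --------------------------------
PRIVILEGE_ROWS = ["Token: SeDebugPrivilege 1696 sample catalog2022.exe"]

# The report's 20 WriteProcessMemory rows: 4 writes into each of 5 cvtres.exe PIDs.
WRITE_ROWS = [
    f"PID 1696 wrote to memory of {dst} 1696 sample catalog2022.exe cvtres.exe"
    for dst in (1992, 1160, 544, 1124, 976)
    for _ in range(4)
]

# Process-tree children as (image path, command line); the report lists five.
CVTRES = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
CHILD_PROCESSES = [(CVTRES, f'"{CVTRES}"')] * 5

# Editor-maintained list (assumption): .NET Framework binaries commonly used
# as hollow hosts by .NET loaders. Extend it from your own telemetry.
NET_HOSTS = {"cvtres.exe", "csc.exe", "vbc.exe", "regasm.exe", "regsvcs.exe", "installutil.exe"}

PRIV_RE = re.compile(r"^Token: (?P<token>\S+) (?P<pid>\d+) (?P<name>.+)$")
# The source process name may contain spaces (as here); the target name is
# assumed not to, so the last whitespace-free token is the target.
WRITE_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<pid>\d+) (?P<name>.+) (?P<target>\S+)$"
)


@dataclass(frozen=True)
class MemoryWrite:
    src_pid: int
    src_name: str
    dst_pid: int
    dst_name: str


def parse_privileges(rows):
    """Return {(pid, process): token} from AdjustPrivilegeToken rows; skip malformed rows."""
    out = {}
    for row in rows:
        m = PRIV_RE.match(row)
        if m:
            out[(int(m["pid"]), m["name"])] = m["token"]
    return out


def parse_writes(rows):
    """Return MemoryWrite records from WriteProcessMemory rows; skip malformed rows."""
    writes = []
    for row in rows:
        m = WRITE_RE.match(row)
        if m:
            writes.append(MemoryWrite(int(m["src"]), m["name"], int(m["dst"]), m["target"]))
    return writes


def is_argless(image, cmdline):
    """True when the command line is nothing but the (optionally quoted) image path."""
    return cmdline.strip().strip('"').lower() == image.lower()


def hollowing_candidates(priv_rows, write_rows, children, min_writes=2):
    """Flag source processes holding SeDebugPrivilege that wrote >= min_writes times
    into children whose image is a known .NET host started with no arguments."""
    debug_pids = {pid for (pid, _), tok in parse_privileges(priv_rows).items()
                  if tok == "SeDebugPrivilege"}
    argless_hosts = {basename(img).lower() for img, cmd in children
                     if is_argless(img, cmd) and basename(img).lower() in NET_HOSTS}
    per_source = defaultdict(Counter)
    for w in parse_writes(write_rows):
        per_source[(w.src_pid, w.src_name)][(w.dst_pid, w.dst_name)] += 1
    findings = []
    for (pid, name), targets in per_source.items():
        hit = {dst for dst, n in targets.items()
               if n >= min_writes and dst[1].lower() in argless_hosts}
        if pid in debug_pids and hit:
            findings.append({"pid": pid, "process": name, "targets": sorted(hit),
                             "writes": sum(targets[d] for d in hit)})
    return findings


if __name__ == "__main__":
    for f in hollowing_candidates(PRIVILEGE_ROWS, WRITE_ROWS, CHILD_PROCESSES):
        hosts = ", ".join(f"{n}:{p}" for p, n in f["targets"])
        print(f"[!] {f['process']} (pid {f['pid']}) wrote {f['writes']} times "
              f"into {len(f['targets'])} argument-less .NET hosts: {hosts}")
```

Run as-is the script reports pid 1696 writing 20 times into five argument-less cvtres.exe children. The per-target count (four writes each) is what distinguishes a hollowing-style rewrite of a child image from a single incidental write, so keep the threshold above one; the same parsing functions can be pointed at Sysmon Event ID 10 (ProcessAccess) and Event ID 1 (ProcessCreate) records once the regexes are swapped for those field layouts.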