Analysis
-
max time kernel
149s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
01-10-2022 20:23
Behavioral task
behavioral1
Sample
bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe
Resource
win7-20220812-en
windows7-x64
5 signatures
150 seconds
General
-
Target
bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe
-
Size
202KB
-
MD5
65fd671b6c9fab44d3906bca563c2df0
-
SHA1
2aae5bf2856e9f1ff75b38ec6d79dc5fd7eab606
-
SHA256
bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f
-
SHA512
b33fd992bb4f8d6c00879aca183cd658e1b6a0aba343aaa42d18df68cbd703d2d5f6623ea11bd58f4f30d26ae91bbd197d92f124d7e585b8dc7c0989f5869074
-
SSDEEP
3072:wzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIGAGuyMbaG0ZeXuBHuS2L+3Ij0:wLV6Bta6dtJmakIM54Gu6BJuS3soi5Q1
Malware Config
Signatures
-
Checks whether UAC is enabled
Processes:
bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe
  description: Key value queried
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  process: bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe
  pid   process
  1044  bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe
  1044  bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe
  1044  bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe
  1044  bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe
  pid   process
  1044  bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe
  description: Token: SeDebugPrivilege
  pid: 1044
  process: bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe
"C:\Users\Admin\AppData\Local\Temp\bcd2158fa8cdba1ca2365547cdf95e6141418d79ffdfa0327e71e9571f034c2f.exe"
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken