Analysis
max time kernel: 151s
max time network: 48s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 12/10/2022, 16:41
Static task: static1
Behavioral task: behavioral1
Sample: a1d4723d4fdacf869f681c1f0a19cedaf3d077a10ab4d5549cf13b94670627d3.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: a1d4723d4fdacf869f681c1f0a19cedaf3d077a10ab4d5549cf13b94670627d3.exe
Resource: win10v2004-20220812-en
General
Target: a1d4723d4fdacf869f681c1f0a19cedaf3d077a10ab4d5549cf13b94670627d3.exe
Size: 103KB
MD5: 6152e59a5b2cb3cba9b48c75e947d3a8
SHA1: 9e1986d4f836c7a4cb7c642ed84ae425d44a82ef
SHA256: a1d4723d4fdacf869f681c1f0a19cedaf3d077a10ab4d5549cf13b94670627d3
SHA512: 152c5ebef6fe043b1b90b6eb9fe6c9b8ee1080997cd51a0a0512369946744930e505a7e9416fc6db36fd29f9fc0351ccb6ccbd5abec34afa8430f067f5d42e2c
SSDEEP: 3072:Kms0K1LcWYtaYxzTL7tYGF0o30Qt3kge7xEjaebI:Kms0K1LcWaaYxDiWGfxW
Malware Config
Signatures
Drops file in Windows directory (2 IoCs)
description | ioc | Process
File created | C:\WINDOWS\WIN.EXE | a1d4723d4fdacf869f681c1f0a19cedaf3d077a10ab4d5549cf13b94670627d3.exe
File created | C:\WINDOWS\WIN.hta | a1d4723d4fdacf869f681c1f0a19cedaf3d077a10ab4d5549cf13b94670627d3.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid | Process
748 | taskmgr.exe (64 identical entries)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid | Process
748 | taskmgr.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
description | pid | Process
Token: SeDebugPrivilege | 748 | taskmgr.exe
Suspicious use of FindShellTrayWindow (64 IoCs)
pid | Process
536 | a1d4723d4fdacf869f681c1f0a19cedaf3d077a10ab4d5549cf13b94670627d3.exe
748 | taskmgr.exe (63 identical entries)
Suspicious use of SendNotifyMessage (64 IoCs)
pid | Process
748 | taskmgr.exe (64 identical entries)
Processes
C:\Users\Admin\AppData\Local\Temp\a1d4723d4fdacf869f681c1f0a19cedaf3d077a10ab4d5549cf13b94670627d3.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\a1d4723d4fdacf869f681c1f0a19cedaf3d077a10ab4d5549cf13b94670627d3.exe"
- Drops file in Windows directory
- Suspicious use of FindShellTrayWindow
PID: 536
C:\Windows\system32\taskmgr.exe
Command line: "C:\Windows\system32\taskmgr.exe" /4
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID: 748