Analysis

  • max time kernel
    60s
  • max time network
    54s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-10-2022 18:27

General

  • Target

    9b11711efed24b3c6723521a7d7eb4a52e4914db7420e278aa36e727459d59dd.exe

  • Size

    136KB

  • MD5

    94d087166651c0020a9e6cc2fdacdc0c

  • SHA1

    99be22569ba9b1e49d3fd36f65faa6795672fcc0

  • SHA256

    9b11711efed24b3c6723521a7d7eb4a52e4914db7420e278aa36e727459d59dd

  • SHA512

    0f5a413e57e4cedf0a8df3b33cda3c2c0732ded58c367633e8677bf88786eb786b85c97420fda150fecb68db74dc00f77064c3ea77d00f53904413c9ea3a93ba

  • SSDEEP

    1536:xxd+ReKXU/MQaL7k0B/L7s+Zi+GrZxtQpfyHvtICS4A4UdZls8XzUXiWr4X5F4GC:xtchTojrZxtMhiiZHjUyWr4X5FTDU
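
Added example, not part of the sandbox report: before detonating or sharing a copy of this sample, confirm that the file in hand matches the report's digests on every listed algorithm and that its file name follows the SHA256-as-filename convention seen in the Processes section. The report hashes below are copied from the General section; the `CONSTRUCTED_BLOB` is a stand-in PE-header prefix built for the example and is not the sample, so it deliberately fails the comparison. Only the standard library is used (SSDEEP is omitted because it needs a third-party module).

```python
import hashlib

# Digests for the sample as listed in the General section of this report.
REPORT_HASHES = {
    "md5": "94d087166651c0020a9e6cc2fdacdc0c",
    "sha1": "99be22569ba9b1e49d3fd36f65faa6795672fcc0",
    "sha256": "9b11711efed24b3c6723521a7d7eb4a52e4914db7420e278aa36e727459d59dd",
    "sha512": "0f5a413e57e4cedf0a8df3b33cda3c2c0732ded58c367633e8677bf88786eb78"
              "6b85c97420fda150fecb68db74dc00f77064c3ea77d00f53904413c9ea3a93ba",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file once through all four hashers (large samples stay off the heap)."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify_hashes(actual: dict, expected: dict) -> list:
    """Return (algorithm, expected, actual) for every digest that disagrees.

    Hex case is normalised because reports and tools differ in it.
    An empty list means the artefact matches the report on every algorithm.
    """
    mismatches = []
    for alg in ALGORITHMS:
        exp = expected[alg].lower()
        act = actual[alg].lower()
        if exp != act:
            mismatches.append((alg, exp, act))
    return mismatches


def sample_name_is_sha256(filename: str, sha256: str) -> bool:
    """Check the sandbox naming convention <sha256>.exe; accepts \\ or / paths."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    stem = base.rsplit(".", 1)[0] if "." in base else base
    return stem.lower() == sha256.lower()


# Constructed stand-in (DOS stub prefix plus a PE signature), NOT the real sample.
CONSTRUCTED_BLOB = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00"


if __name__ == "__main__":
    # Replace compute_hashes(CONSTRUCTED_BLOB) with hash_file("<path>") for a real file.
    for alg, exp, act in verify_hashes(compute_hashes(CONSTRUCTED_BLOB), REPORT_HASHES):
        print(f"{alg}: report {exp[:16]}... file {act[:16]}...  MISMATCH")
```

If any algorithm disagrees, treat the file as a different artefact: a single-bit change in the binary flips all four digests, so a partial match never happens with an intact file and a mismatch on one algorithm alone indicates a transcription error in the report rather than a near-identical sample.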

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 25 IoCs (taskmgr.exe, PID 1100)
  • Suspicious use of AdjustPrivilegeToken 6 IoCs (AUDIODG.EXE, PID 532; taskmgr.exe, PID 1100)
  • Suspicious use of FindShellTrayWindow 47 IoCs (taskmgr.exe, PID 1100)
  • Suspicious use of SendNotifyMessage 47 IoCs (taskmgr.exe, PID 1100)

  None of these signatures is attributed to the submitted sample's own process (PID 1204); per the Processes section they fire in taskmgr.exe and AUDIODG.EXE, which is consistent with the 1/10 score.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b11711efed24b3c6723521a7d7eb4a52e4914db7420e278aa36e727459d59dd.exe
    "C:\Users\Admin\AppData\Local\Temp\9b11711efed24b3c6723521a7d7eb4a52e4914db7420e278aa36e727459d59dd.exe"
    1⤵
    PID:1204
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:840
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x520
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:532
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1100

  All four entries carry the depth marker 1⤵, i.e. they are separate top-level processes; explorer.exe, AUDIODG.EXE and taskmgr.exe are not children of the sample.

Network

MITRE ATT&CK Matrix

Downloads

  • memory/840-55-0x000007FEFB741000-0x000007FEFB743000-memory.dmp (explorer.exe, PID 840)

    Filesize

    8KB

  • memory/1100-57-0x0000000140000000-0x00000001405E8000-memory.dmp (taskmgr.exe, PID 1100)

    Filesize

    5.9MB

  • memory/1204-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp (submitted sample, PID 1204)

    Filesize

    8KB
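
Added example, not part of the sandbox report: the dump file names encode PID, dump index and the virtual address range of the captured region, so the listed sizes can be checked against the addresses and each dump tied back to a process from the Processes section. The helper below parses that name pattern (assumed from the three names on this page), recomputes the size with the report's rounding (whole KB under 1 MiB, one decimal MB above, 1024-based), and flags regions that lie entirely below 4 GiB, which on an x64 VM is a hint of a 32-bit (WoW64) address space rather than proof. `DUMPS` and `PROCESSES` are copied from this report; the `sample` label for PID 1204 is the example's own shorthand.

```python
import re
from dataclasses import dataclass

# Dump names and listed sizes copied from the Downloads section of this report.
DUMPS = [
    ("memory/840-55-0x000007FEFB741000-0x000007FEFB743000-memory.dmp", "8KB"),
    ("memory/1100-57-0x0000000140000000-0x00000001405E8000-memory.dmp", "5.9MB"),
    ("memory/1204-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp", "8KB"),
]
# PID -> image, from the Processes section ("sample" is shorthand for the submitted exe).
PROCESSES = {1204: "sample", 840: "explorer.exe", 532: "AUDIODG.EXE", 1100: "taskmgr.exe"}

# Assumed name layout: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
_DUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def below_4gib(self) -> bool:
        # Entire region under the 4 GiB boundary: consistent with a 32-bit
        # (WoW64) process on an x64 guest, but a hint only.
        return self.end <= 0x1_0000_0000


def parse_dump_name(name: str) -> DumpRegion:
    """Parse one dump file name; reject names that do not fit or have an empty range."""
    m = _DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a sandbox memory dump name: {name!r}")
    pid, index, start, end = m.groups()
    region = DumpRegion(int(pid), int(index), int(start, 16), int(end, 16))
    if region.end <= region.start:
        raise ValueError(f"empty or inverted address range in {name!r}")
    return region


def human_size(n: int) -> str:
    """Reproduce the report's size strings: whole KB below 1 MiB, one-decimal MB above."""
    if n < 1 << 20:
        return f"{n / 1024:g}KB"
    return f"{n / (1 << 20):.1f}MB"


def cross_check(dumps, processes) -> list:
    """Tie every dump to its process and confirm the listed size matches the address range."""
    rows = []
    for name, listed in dumps:
        r = parse_dump_name(name)
        rows.append({
            "pid": r.pid,
            "process": processes.get(r.pid, "unknown"),
            "start": f"{r.start:#018x}",
            "size": r.size,
            "size_matches": human_size(r.size) == listed,
            "below_4gib": r.below_4gib,
        })
    return rows


if __name__ == "__main__":
    for row in cross_check(DUMPS, PROCESSES):
        print(row)
```

On this report all three sizes agree with their address ranges (0x2000 bytes = 8KB twice, 0x5E8000 bytes = 5.9MB for the taskmgr.exe image), and only the sample's region (PID 1204) sits below 4 GiB, matching the arch:x86 tag alongside the x64 platform.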