Analysis
-
max time kernel
100s -
max time network
106s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
20-10-2022 08:02
General
-
Target
training
-
Size
204KB
-
MD5
25cd3ad7f60ce1ecb09b16556cbba2dc
-
SHA1
84c71cf880b4907baf1f8916b2188d69f17de45a
-
SHA256
56471e1ecf2833e7700784429e98f678ee96cde91516725fc40a536c58d5d228
-
SHA512
5b7efe6af38ebb5cec07bbacb0b9fd24cfb3e0c397eb67fb9bbd3950044276ce6faf042ddccdc5628845b78054ab31264727f617c3dee230e835b5b63963fc82
-
SSDEEP
6144:YAWvDMRXwNxHRpBn6za1QfZkZkE8Ju+aL:YAWvD6XwNxHRv6zaqfZkZk74+O
Score
1/10
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 39 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 48 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\training1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage