Analysis
max time kernel: 142s
max time network: 77s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 09:45
Static task: static1

Behavioral task: behavioral1
  Sample: 00000000.exe
  Resource: win7-20221111-en (windows7-x64)
  4 signatures, 150 seconds

Behavioral task: behavioral2
  Sample: 00000000.exe
  Resource: win10v2004-20221111-en (windows10-2004-x64)
  3 signatures, 150 seconds
General
Target: 00000000.exe
Size: 718KB
MD5: 7cf2ad62d3903e846f53f9cf6b6d6165
SHA1: 59688005886c9f59c52087301a89c48d1749f457
SHA256: d7f52588d2f9c418c5fa3a9f69dc55dfcb4c36be56673cb4d7d4807fc8d99704
SHA512: a38942e28ff00e02c051c2a0bc9f62cd4630c9512e9b9609ded04d1e1de49bcf7c64483982d6f138b186e776044ea5fbd89d95380d9033728192f0fedff8c1c1
SSDEEP: 12288:ORvRU68atsFb35ljSkv+IVYKZFL/jcrBWr1W+D78PPlY:oU68atsxTxrZx41WWQ7eNY
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (3 IoCs)
Processes:
  pid 280, process 00000000.exe (3 entries)

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  Token: SeDebugPrivilege, pid 280, process 00000000.exe

Suspicious use of WriteProcessMemory (20 IoCs)
Processes:
  PID 280 (00000000.exe) wrote to memory of PID 1552 (AddInProcess32.exe): 10 entries
  PID 280 (00000000.exe) wrote to memory of PID 916 (AddInProcess32.exe): 10 entries
Processes
C:\Users\Admin\AppData\Local\Temp\00000000.exe (PID: 280)
  Command line: "C:\Users\Admin\AppData\Local\Temp\00000000.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe (PID: 1552)
    Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe (PID: 916)
    Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"