Analysis
-
max time kernel
152s -
max time network
87s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
23-11-2022 13:46
General
-
Target
8695a5442bbbedcf91c392a75201e70e7624ca5c9319a31a1631d018f72eeb43.exe
-
Size
88KB
-
MD5
6d5f527d15977dbb16b9b2bb471e3fe1
-
SHA1
615b4b222b3d0af32c8a2c0897e2d1c658a51c94
-
SHA256
8695a5442bbbedcf91c392a75201e70e7624ca5c9319a31a1631d018f72eeb43
-
SHA512
68b92bda4b59bf5d1359afe2752cb257cc505c733fa6c383417f164a22ba488d8aa2ea86aa9417aa43c764aee977b1bcaf740e7df1f838aa9184d03018cfca7a
-
SSDEEP
1536:rk3FSROdGa2ibckTaf/pEuYUCW0VAq/sU:rk3FFJ2ibLTc/pEuYrW0VAqUU
Score
5/10
Malware Config
Signatures
-
Drops file in System32 directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8695a5442bbbedcf91c392a75201e70e7624ca5c9319a31a1631d018f72eeb43.exe"C:\Users\Admin\AppData\Local\Temp\8695a5442bbbedcf91c392a75201e70e7624ca5c9319a31a1631d018f72eeb43.exe"1⤵
- Drops file in System32 directory
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\taskmgr.exetaskmgr.exe /21⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1216-54-0x000007FEFBFC1000-0x000007FEFBFC3000-memory.dmpFilesize
8KB
-
memory/1216-55-0x0000000140000000-0x00000001405E8000-memory.dmpFilesize
5.9MB