Analysis
max time kernel: 86s
max time network: 42s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 25-11-2022 07:31
Behavioral task: behavioral1
Sample: 889eec7a10042bcba8149fd715675d12c6562100db6790d5523a2ba31d6d71fd.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 889eec7a10042bcba8149fd715675d12c6562100db6790d5523a2ba31d6d71fd.exe
Resource: win10v2004-20220901-en
General
Target: 889eec7a10042bcba8149fd715675d12c6562100db6790d5523a2ba31d6d71fd.exe
Size: 773KB
MD5: 0ff90dc880d4456848250c9c9e35ada3
SHA1: 09ac402a8a6b3fb2f6fae68a206b9c26db9f7546
SHA256: 889eec7a10042bcba8149fd715675d12c6562100db6790d5523a2ba31d6d71fd
SHA512: aa89e71fe9296df21fd7735714203a114eeae0a6a8b32e5d35a2189b47e4bee59acedd0bc7b72299b3d0c9c3ccf43489aa8ac848a69e1431fa76e1a944121384
SSDEEP: 24576:9IJqTuNKnyB+05ZHwcDFHGtMXXtmRwQc1agSB:9GqTuNkYRHpDFmtMX9mRwQ8agSB
Malware Config
Signatures
Processes:
resource | yara_rule
behavioral1/memory/748-54-0x0000000000400000-0x00000000005B2000-memory.dmp | upx
behavioral1/memory/748-55-0x0000000000400000-0x00000000005B2000-memory.dmp | upx
Adds Run key to start application (2 TTPs, 1 IoCs)
Processes: 889eec7a10042bcba8149fd715675d12c6562100db6790d5523a2ba31d6d71fd.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN\889eec7a10042bcba8149fd715675d12c6562100db6790d5523a2ba31d6d71fd.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\889eec7a10042bcba8149fd715675d12c6562100db6790d5523a2ba31d6d71fd.exe" | 889eec7a10042bcba8149fd715675d12c6562100db6790d5523a2ba31d6d71fd.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes: 889eec7a10042bcba8149fd715675d12c6562100db6790d5523a2ba31d6d71fd.exe
pid | process
748 | 889eec7a10042bcba8149fd715675d12c6562100db6790d5523a2ba31d6d71fd.exe
Processes
C:\Users\Admin\AppData\Local\Temp\889eec7a10042bcba8149fd715675d12c6562100db6790d5523a2ba31d6d71fd.exe "C:\Users\Admin\AppData\Local\Temp\889eec7a10042bcba8149fd715675d12c6562100db6790d5523a2ba31d6d71fd.exe"
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- PID: 748