Analysis
-
max time kernel
40s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
30-11-2022 09:19
General
-
Target
9cad416b95200ec0bc30ef95523f6e1b464886b6.exe
-
Size
2MB
-
MD5
48327e539837574b0ea89654d1c23d68
-
SHA1
9cad416b95200ec0bc30ef95523f6e1b464886b6
-
SHA256
bd6c4de472e1f69bd693b26f45f9c81f21bdd7f33dcc68bc27519f9431c4b7b4
-
SHA512
1ab83c7077973867ea41132890f388d80673df637d7ead551ea5f05098852a84bc567bfa5bb599551144ba1da1b2caaf3e5ce2aea5b5716f35887b5e85f3e127
-
SSDEEP
24576:VBXu9HGaVH9vflFkp4VY99j5Y4PZDK3XJCzix:Vw9VHBfnkp4VY9zbBGXJCzE
Score
8/10
Malware Config
Signatures
-
UPX packed file ⋅ 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable ⋅ 2 IoCs
AutoIT scripts compiled to PE executables.
-
Suspicious use of FindShellTrayWindow ⋅ 3 IoCs
-
Suspicious use of SendNotifyMessage ⋅ 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9cad416b95200ec0bc30ef95523f6e1b464886b6.exePID:864"C:\Users\Admin\AppData\Local\Temp\9cad416b95200ec0bc30ef95523f6e1b464886b6.exe"Suspicious use of FindShellTrayWindowSuspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
00:00
00:00
Downloads
-
memory/864-54-0x0000000075141000-0x0000000075143000-memory.dmp
-
memory/864-55-0x0000000000930000-0x0000000000D5F000-memory.dmp
-
memory/864-56-0x0000000000930000-0x0000000000D5F000-memory.dmp
Loading data