Analysis
max time kernel: 150s
max time network: 51s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 02-12-2022 00:37
Static task: static1
Behavioral task: behavioral1
  Sample: 024164a90b5e845af2443e3d4919b1ed93087c14757bd035cd37881775ffd410.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 024164a90b5e845af2443e3d4919b1ed93087c14757bd035cd37881775ffd410.exe
  Resource: win10v2004-20220812-en
General
Target: 024164a90b5e845af2443e3d4919b1ed93087c14757bd035cd37881775ffd410.exe
Size: 564KB
MD5: 1daec6e7ecfdd9f70e573e34ca1f3a60
SHA1: 223b05cc891d12cde63bd4e0a82cbf0cc7418e07
SHA256: 024164a90b5e845af2443e3d4919b1ed93087c14757bd035cd37881775ffd410
SHA512: 43e7d4a1cd0a1cc792d1661f4c68808a48cdfceee29e3f32cc516bb942d026147d28ee554dd9dd9e7f59e460519d3d77cb354bbbad6ae18d22f77532bd776d07
SSDEEP: 12288:qhYsdJuKpYFIuKpYFwEzsBwIfMjkfTJq4L0en:qhZJuKuFIuKuFwlBNfMjkbV0e
Malware Config
Signatures

Drops file in Windows directory (2 IoCs)
  description   ioc                       Process
  File created  C:\Windows\rundl132.exe   024164a90b5e845af2443e3d4919b1ed93087c14757bd035cd37881775ffd410.exe
  File created  C:\Windows\Dll.dll        024164a90b5e845af2443e3d4919b1ed93087c14757bd035cd37881775ffd410.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses (30 IoCs)
  pid   Process
  1500  024164a90b5e845af2443e3d4919b1ed93087c14757bd035cd37881775ffd410.exe  (30 identical entries, all for PID 1500)

Suspicious use of WriteProcessMemory (18 IoCs)
  description                        pid   Process                                                                 procid_target
  PID 1500 wrote to memory of 1932   1500  024164a90b5e845af2443e3d4919b1ed93087c14757bd035cd37881775ffd410.exe   27  (4 entries)
  PID 1932 wrote to memory of 572    1932  net.exe                                                                 29  (4 entries)
  PID 1500 wrote to memory of 460    1500  024164a90b5e845af2443e3d4919b1ed93087c14757bd035cd37881775ffd410.exe   30  (4 entries)
  PID 460 wrote to memory of 1688    460   net.exe                                                                 32  (4 entries)
  PID 1500 wrote to memory of 1344   1500  024164a90b5e845af2443e3d4919b1ed93087c14757bd035cd37881775ffd410.exe   15  (2 entries)
Processes

1. C:\Windows\Explorer.EXE
   Command line: C:\Windows\Explorer.EXE
   PID: 1344
   2. C:\Users\Admin\AppData\Local\Temp\024164a90b5e845af2443e3d4919b1ed93087c14757bd035cd37881775ffd410.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\024164a90b5e845af2443e3d4919b1ed93087c14757bd035cd37881775ffd410.exe"
      Signatures: Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
      PID: 1500
      3. C:\Windows\SysWOW64\net.exe
         Command line: net stop "Kingsoft AntiVirus Service"
         Signatures: Suspicious use of WriteProcessMemory
         PID: 1932
         4. C:\Windows\SysWOW64\net1.exe
            Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            PID: 572
      3. C:\Windows\SysWOW64\net.exe
         Command line: net stop "Kingsoft AntiVirus Service"
         Signatures: Suspicious use of WriteProcessMemory
         PID: 460
         4. C:\Windows\SysWOW64\net1.exe
            Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            PID: 1688