Analysis
-
max time kernel
158s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
06/12/2022, 19:53
Static task
static1
Behavioral task
behavioral1
Sample
eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe
Resource
win7-20221111-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe
-
Size
715KB
-
MD5
24060f262e4f554081103eb58c0a1c58
-
SHA1
b5e4be1ce18de881e08e2a698ca3e46582239c33
-
SHA256
eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c
-
SHA512
1225f37828b864c3a2f17f9ca6ea3bd31d38e437b66ce9008a46b94e0e3b8bf54cd9dd87f4955ad8e7055d03d12d81b2243590bf496a5f37f9c097d8e87c224c
-
SSDEEP
12288:MjWJYCW0Dl7Qqn0xn1QGNUAz+YBNranBZQCWkUY/8l3CBl1T:MCJSegn1kq5/WjPu0/
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
pid Process 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe 4792 eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe"C:\Users\Admin\AppData\Local\Temp\eafc7a0ec890bc1219053add91ad7f10ca6e74d624f078d52fe6b466afe6ad7c.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4792
-
C:\Windows\explorer.exeexplorer.exe1⤵PID:4408