Analysis
max time kernel: 61s
max time network: 147s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 06-01-2023 17:46
Behavioral task: behavioral1
Sample: socks.exe
Resource: win7-20220812-en (windows7-x64)
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: socks.exe
Resource: win10v2004-20221111-en (windows10-2004-x64)
1 signature, 150 seconds
General
Target: socks.exe
Size: 13KB
MD5: 1be6092e32956e83b99c3dc7c66603c7
SHA1: 92d942f9eba3c7146588f56d33a32262e042091d
SHA256: 8dc6a4ee7b41ba73197485e2b685f7f82e9889b2e544269eabcc5c6c1cb8bac7
SHA512: 9dbafbd83acf41cddf6da38f984e09a35d2639f326988845d91d80c2e449b3284c17d601d4f27eb1059a9122f719eeabdd3387aceb9c0c9eed2cca01c812e91e
SSDEEP: 192:6kWjQTlZ1eB+pvdNtj2+SPwHP+Q/ZCv2qwvuCKK76n9bJHOkrUNn:6kjTlZ02NtvSKP+cZC+qwZPGn9bJrUN
Score: 4/10
Malware Config

Signatures

Drops file in Windows directory (2 IoCs)
Processes: socks.exe
  File created: C:\Windows\Tasks\wow64.job (process: socks.exe)
  File opened for modification: C:\Windows\Tasks\wow64.job (process: socks.exe)

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: taskeng.exe
  PID 1628 wrote to memory of 2016 (pid: 1628, process: taskeng.exe, target process: socks.exe)
  PID 1628 wrote to memory of 2016 (pid: 1628, process: taskeng.exe, target process: socks.exe)
  PID 1628 wrote to memory of 2016 (pid: 1628, process: taskeng.exe, target process: socks.exe)
  PID 1628 wrote to memory of 2016 (pid: 1628, process: taskeng.exe, target process: socks.exe)
Processes

C:\Users\Admin\AppData\Local\Temp\socks.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\socks.exe"
  - Drops file in Windows directory

C:\Windows\system32\taskeng.exe
  command line: taskeng.exe {70ED9CCC-82AD-4497-A4FB-D710B3A39A78} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory

  child: C:\Users\Admin\AppData\Local\Temp\socks.exe
    command line: C:\Users\Admin\AppData\Local\Temp\socks.exe start