Analysis
- max time kernel: 30s
- max time network: 42s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 21/01/2023, 16:52

Static task: static1
Behavioral task: behavioral1
- Sample: Screenshot Map/Screenshot Map.exe
- Resource: win7-20220812-en
- 3 signatures
- 150 seconds
General
- Target: Screenshot Map/Screenshot Map.exe
- Size: 604.7MB
- MD5: ba1d3d2b21dec1e014e2eeb53960bc0d
- SHA1: b18975b765c1eec576da7e9318295a0c5ac10633
- SHA256: e5de228ce392a919b67059c57da866670d14ac05540f7e4be112289af6c4e10d
- SHA512: 0d4a955bdcab1f88cffb0138b645568aee97ea0bf0de1a61fb3442e0aa02ddc021605b70fb51b5d235fda448e85dd89101973b3d5eac2b91f4d03acc2a54ec2d
- SSDEEP: 12288:zMdwkvS0PLKHM7qZX1I5OrfQyEMPmT2rgRpA03+M4wKiTCIwEY7tRSGdg9obgP9s:QdwkvtlWZX1OWe1q

Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid | Process
  984 | powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description | pid | Process
  Token: SeDebugPrivilege | 984 | powershell.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1516 wrote to memory of 984 | 1516 | Screenshot Map.exe | 27
  PID 1516 wrote to memory of 984 | 1516 | Screenshot Map.exe | 27
  PID 1516 wrote to memory of 984 | 1516 | Screenshot Map.exe | 27
  PID 1516 wrote to memory of 984 | 1516 | Screenshot Map.exe | 27
Processes
- C:\Users\Admin\AppData\Local\Temp\Screenshot Map\Screenshot Map.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Screenshot Map\Screenshot Map.exe"
  PID: 1516
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (child of PID 1516)
    Command line: "C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe"
    PID: 984
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken