Analysis
- max time kernel: 55s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 16-02-2023 21:44
Static task: static1
Behavioral task: behavioral1
- Sample: koid.exe
- Resource: win7-20221111-en (windows7-x64)
- 4 signatures, 150 seconds
Behavioral task: behavioral2
- Sample: koid.exe
- Resource: win10v2004-20220812-en (windows10-2004-x64)
- 0 signatures, 150 seconds
General
- Target: koid.exe
- Size: 1.7MB
- MD5: 937bd53a5f505b8e9b00416590ad8d92
- SHA1: 5abece11f9d282ec009bf441f132676344f1ede2
- SHA256: 662d56478c8fa24fb43b71cba64af8d941ddb90659c2412144b46137e2cc4c36
- SHA512: 2027fe14eff8cc0edd67be7f159e0710d79376aef11a70d4c0ad94d501667fd178780fb3a8f0c4481d2da32a3f6fd698e45cef297aee628cda1ae164e0434dd5
- SSDEEP: 49152:MXi87ZaoNcK9mVrSPYO1M+BrgdhwmzJnU:yvycBr
Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (38 IoCs)
  Processes (pid, process): 936 taskmgr.exe, one row per IoC (38 identical rows)
- Suspicious use of AdjustPrivilegeToken (5 IoCs)
  Processes (description, pid, process):
    Token: SeDebugPrivilege            936   taskmgr.exe
    Token: 33                          1596  AUDIODG.EXE
    Token: SeIncBasePriorityPrivilege  1596  AUDIODG.EXE
    Token: 33                          1596  AUDIODG.EXE
    Token: SeIncBasePriorityPrivilege  1596  AUDIODG.EXE
- Suspicious use of FindShellTrayWindow (51 IoCs)
  Processes (pid, process): 936 taskmgr.exe, one row per IoC (51 identical rows)
- Suspicious use of SendNotifyMessage (50 IoCs)
  Processes (pid, process): 936 taskmgr.exe, one row per IoC (50 identical rows)
Processes
- C:\Users\Admin\AppData\Local\Temp\koid.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\koid.exe" 1⤵
- C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4 1⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
- C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe" 1⤵
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x500 1⤵
  - Suspicious use of AdjustPrivilegeToken