Analysis
max time kernel: 49s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 12-03-2023 16:17
Static task: static1
Behavioral tasks (sample / resource):
- behavioral1: HTTP_Downloader.exe / win7-20230220-en
- behavioral2: HTTP_Downloader.exe / win10v2004-20230220-en
- behavioral3: libpcre2-16-0.dll / win7-20230220-en
- behavioral4: libpcre2-16-0.dll / win10v2004-20230220-en
- behavioral5: psftp.dll / win7-20230220-en
- behavioral6: psftp.dll / win10v2004-20230220-en
- behavioral7: zlib1.dll / win7-20230220-en
- behavioral8: zlib1.dll / win10v2004-20230220-en
General
Target: HTTP_Downloader.exe
Size: 506KB
MD5: e4961f8258fab54860931571b547e56d
SHA1: 25178c069c83a65f8e6c0a30e65fff9a21e729f1
SHA256: d5fe08bc91939a418450245a57d8648146486984a7a257435ed2f15870df395d
SHA512: 408f7dd5bdf257a9455abeb1d49afcffddfc81e8e4c41df9da2f5cc0e33e87a271d2a992b109b86313c11e4c9f7d14a85963d336908c4c05866fd5fd8fa7fde2
SSDEEP: 12288:KSh9C/yvlRm8orGmkIEMUcgorGmkTVF1FeHf3VB2RMergUFpP:hbC/UlRm53D+kUFh
Malware Config
Signatures (pid / process of each hit)
- Suspicious behavior: EnumeratesProcesses (35 IoCs)
  1680 taskmgr.exe (all 35 hits)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  1680 taskmgr.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeDebugPrivilege, 1680 taskmgr.exe
- Suspicious use of FindShellTrayWindow (61 IoCs)
  1352 HTTP_Downloader.exe (2 hits); 1680 taskmgr.exe (all remaining hits)
- Suspicious use of SendNotifyMessage (60 IoCs)
  1352 HTTP_Downloader.exe (2 hits); 1680 taskmgr.exe (all remaining hits)
Processes
- C:\Users\Admin\AppData\Local\Temp\HTTP_Downloader.exe (tree level 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\HTTP_Downloader.exe"
  PID: 1352
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
- C:\Windows\system32\taskmgr.exe (tree level 1)
  command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 1680
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage

Both processes are listed at tree level 1, so the report does not show taskmgr.exe as a child of the sample. Every EnumeratesProcesses, GetForegroundWindowSpam and SeDebugPrivilege hit is attributed to PID 1680 (taskmgr.exe), which enumerates processes and enables SeDebugPrivilege as part of its normal operation; the only signatures raised against HTTP_Downloader.exe (PID 1352) itself are FindShellTrayWindow and SendNotifyMessage, both ordinary shell/window-message activity for a GUI application.
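Because the signature hit lists above are flattened into long pid/process runs and most hits belong to a process other than the sample, an analyst reading such a report wants two checks: which hits are actually attributable to the sample's own PIDs, and whether the number of listed hits matches the declared IoC count. The script below is an added example, not part of the sandbox report or its vendor's tooling; the SAMPLE_SIGNATURES and SAMPLE_PROCESSES strings are constructed, shortened imitations of the report's layout with made-up counts, and the function names are hypothetical.

```python
"""Attribute sandbox signature hits to the sample and check declared IoC counts.

Added example; the inputs below are constructed imitations of the report's
flattened "Signatures" and "Processes" sections, not the real hit lists.
"""
import re
from collections import Counter

# Constructed signature section (shortened; the last entry deliberately lists
# fewer hits than it declares so the count check has something to flag).
SAMPLE_SIGNATURES = """\
- Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1680 taskmgr.exe 1680 taskmgr.exe 1680 taskmgr.exe 1680 taskmgr.exe -
- Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1680 taskmgr.exe -
- Suspicious use of FindShellTrayWindow 5 IoCs
pid Process 1352 HTTP_Downloader.exe 1680 taskmgr.exe 1680 taskmgr.exe 1352 HTTP_Downloader.exe 1680 taskmgr.exe -
- Suspicious use of SendNotifyMessage 3 IoCs
pid Process 1352 HTTP_Downloader.exe 1680 taskmgr.exe
"""

# Constructed process section: path, quoted command line, tree level, then a PID line.
SAMPLE_PROCESSES = """\
C:\\Users\\Admin\\AppData\\Local\\Temp\\HTTP_Downloader.exe"C:\\Users\\Admin\\AppData\\Local\\Temp\\HTTP_Downloader.exe"1⤵
- Suspicious use of FindShellTrayWindow
PID:1352
C:\\Windows\\system32\\taskmgr.exe"C:\\Windows\\system32\\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
PID:1680
"""

HEADER_RE = re.compile(r"^(?P<name>.+?)\s+(?P<count>\d+)\s+IoCs?$")  # "<signature> N IoCs"
HIT_RE = re.compile(r"(\d+)\s+(\S+)")                                 # "<pid> <process>"
PROC_RE = re.compile(r'^(?P<path>[A-Za-z]:\\[^"]+?)"')                # path up to the quoted cmdline
PID_RE = re.compile(r"^PID:(\d+)$")


def parse_signatures(text):
    """Return [{name, declared, hits}], hits being a Counter of (pid, process) pairs."""
    sigs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("- "):
            line = line[2:]
        line = line.rstrip(" -")  # drop the trailing separator the page appends
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            sigs.append({"name": m.group("name"), "declared": int(m.group("count")), "hits": Counter()})
        elif sigs:
            for pid, proc in HIT_RE.findall(line):
                sigs[-1]["hits"][(int(pid), proc)] += 1
    return sigs


def sample_pids(process_text, target):
    """PIDs whose executable basename equals the sample name (case-insensitive)."""
    pids, current = set(), None
    for raw in process_text.splitlines():
        line = raw.strip()
        m = PROC_RE.match(line)
        if m:
            current = m.group("path").rsplit("\\", 1)[-1].lower()
            continue
        m = PID_RE.match(line)
        if m and current == target.lower():
            pids.add(int(m.group(1)))
    return pids


def attribute(sigs, pids):
    """Per signature: hits from the sample's PIDs vs. other processes, plus declared vs. listed."""
    report = {}
    for s in sigs:
        sample = sum(n for (pid, _), n in s["hits"].items() if pid in pids)
        listed = sum(s["hits"].values())
        report[s["name"]] = {"sample": sample, "other": listed - sample,
                             "declared": s["declared"], "listed": listed}
    return report


def mismatches(report):
    """Signatures whose declared IoC count differs from the hits actually listed."""
    return [name for name, r in report.items() if r["declared"] != r["listed"]]


def sample_signatures(report):
    """Signatures with at least one hit attributable to the sample itself."""
    return [name for name, r in report.items() if r["sample"] > 0]


if __name__ == "__main__":
    rep = attribute(parse_signatures(SAMPLE_SIGNATURES),
                    sample_pids(SAMPLE_PROCESSES, "HTTP_Downloader.exe"))
    for name, r in rep.items():
        print(f"{name}: sample={r['sample']} other={r['other']} "
              f"declared={r['declared']} listed={r['listed']}")
    print("raised against the sample:", sample_signatures(rep))
    print("declared/listed mismatches:", mismatches(rep))
```

Run on the real report, the same split would show that only FindShellTrayWindow and SendNotifyMessage carry hits from PID 1352, while every other signature belongs to taskmgr.exe; the mismatch check is worth keeping because flattened hit lists are easy to truncate during extraction.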