Analysis
max time kernel
51s
max time network
54s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags
arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
submitted
26-03-2023 04:35
Static task
static1
Behavioral task
behavioral1
Sample
INF_SPOOFER.exe
Resource
win10-20230220-en
windows10-1703-x64
6 signatures
150 seconds
General
Target
INF_SPOOFER.exe
Size
9.6MB
MD5
1bded5cdf27444dadb39a32b7f92b78d
SHA1
ffbd195733be4c539a54d3a6c2bb9268c742cc95
SHA256
9fe49293ebb853d9bee570e59c7e2e76f4b4e2f9857302de439b69a4dd477a80
SHA512
fa7b0d586bbc98047d77853cf0cc00c10a4af3987f0492faaaaace5845a7cf76c1b5129df43d844a882dfe3ef7028351146b0d687b6b73904e010c6a470ffb78
SSDEEP
196608:SgsQqTRtPCuVdirulPJ8x3IWu1tzV2NIwo17o6K6Z:SgsQOzKQiMPJ6IW6tzV2Kb1yc
Score
6/10
Malware Config
Signatures
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes: INF_SPOOFER.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | INF_SPOOFER.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes: INF_SPOOFER.exe
pid | process
3260 | INF_SPOOFER.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes: INF_SPOOFER.exe
pid | process
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
Suspicious use of FindShellTrayWindow 7 IoCs
Processes: INF_SPOOFER.exe
pid | process
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
Suspicious use of SendNotifyMessage 7 IoCs
Processes: INF_SPOOFER.exe
pid | process
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
Suspicious use of SetWindowsHookEx 3 IoCs
Processes: INF_SPOOFER.exe
pid | process
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
3260 | INF_SPOOFER.exe
Processes
C:\Users\Admin\AppData\Local\Temp\INF_SPOOFER.exe
"C:\Users\Admin\AppData\Local\Temp\INF_SPOOFER.exe"
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx