Analysis 230331-s9f6zscf4z

Resubmissions: 31/03/2023, 15:49

max time kernel:  30s
max time network: 33s
platform:         windows7_x64
resource:         win7-20230220-en
resource tags:    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted:        31/03/2023, 15:49
Static task: static1

Behavioral task: behavioral1
  Sample:     NoEscape.exe
  Resource:   win7-20230220-en
  Signatures: 4
  Duration:   150 seconds

Behavioral task: behavioral2
  Sample:     NoEscape.exe
  Resource:   win10v2004-20230220-en
  Signatures: 12
  Duration:   150 seconds
General

Target: NoEscape.exe
Size:   666KB
MD5:    989ae3d195203b323aa2b3adf04e9833
SHA1:   31a45521bc672abcf64e50284ca5d4e6b3687dc8
SHA256: d30d7676a3b4c91b77d403f81748ebf6b8824749db5f860e114a8a204bca5b8f
SHA512: e9d4e6295869f3a456c7ea2850c246d0c22afa65c2dd5161744ee5b3e29e44d9a2d758335f98001cdb348eaa51a71cd441b4ddc12c8d72509388657126e69305
SSDEEP: 12288:85J5X487qJUtcWfkVJ6g5s/cD01oKHQyis2AePsr8nP712TB:s487pcZEgwcDpg1L2tbPR2t
Score:  1/10
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   Process
  1156  taskmgr.exe   (6 identical entries)

Suspicious use of AdjustPrivilegeToken (5 IoCs)
  description                        pid   Process
  Token: SeDebugPrivilege            1156  taskmgr.exe
  Token: 33                          1436  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  1436  AUDIODG.EXE
  Token: 33                          1436  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  1436  AUDIODG.EXE

Suspicious use of FindShellTrayWindow (32 IoCs)
  pid   Process
  1156  taskmgr.exe   (32 identical entries)

Suspicious use of SendNotifyMessage (32 IoCs)
  pid   Process
  1156  taskmgr.exe   (32 identical entries)
Processes

Path: C:\Users\Admin\AppData\Local\Temp\NoEscape.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NoEscape.exe"
  PID: 616

Path: C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 1156
  Signatures:
    Suspicious behavior: EnumeratesProcesses
    Suspicious use of AdjustPrivilegeToken
    Suspicious use of FindShellTrayWindow
    Suspicious use of SendNotifyMessage

Path: C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x17c
  PID: 1436
  Signatures:
    Suspicious use of AdjustPrivilegeToken

Path: C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
  PID: 1376