Analysis
- max time kernel: 124s
- max time network: 129s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 05-04-2023 19:11
Behavioral task: behavioral1
- Sample: A21619B981F4E2B4A1858F0457B42491EF99688278816.exe
- Resource: win7-20230220-en, windows7-x64
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: A21619B981F4E2B4A1858F0457B42491EF99688278816.exe
- Resource: win10v2004-20230220-en, windows10-2004-x64
- 1 signatures
- 150 seconds
General
- Target: A21619B981F4E2B4A1858F0457B42491EF99688278816.exe
- Size: 13KB
- MD5: 489e088030eae6acf86c690cb42352b4
- SHA1: 943a6abb8d2ff25ae6b54c953b211879328a5123
- SHA256: a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9
- SHA512: 78e7d85f57f0b85a71c617d4bea8783b433340a006756064181745a85b3de8d49f66ca3b460414406d1e83b525134aba0f6451c53b95f5ed482604c8395e6b99
- SSDEEP: 192:C2WjQTbZ1eBppvfj/j2+cPM3P+Q/tCvwSw3uM76V9bhHOkrUN9:C2jTbZ0pj/vcqP+ctCYSw3GV9bhrUN
Score: 4/10
Malware Config
Signatures
- Drops file in Windows directory (2 IoCs)
  Processes: A21619B981F4E2B4A1858F0457B42491EF99688278816.exe
  description | ioc | process
  File opened for modification | C:\Windows\Tasks\wow64.job | A21619B981F4E2B4A1858F0457B42491EF99688278816.exe
  File created | C:\Windows\Tasks\wow64.job | A21619B981F4E2B4A1858F0457B42491EF99688278816.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: taskeng.exe
  description | pid | process | target process
  PID 1736 wrote to memory of 316 | 1736 | taskeng.exe | A21619B981F4E2B4A1858F0457B42491EF99688278816.exe
  PID 1736 wrote to memory of 316 | 1736 | taskeng.exe | A21619B981F4E2B4A1858F0457B42491EF99688278816.exe
  PID 1736 wrote to memory of 316 | 1736 | taskeng.exe | A21619B981F4E2B4A1858F0457B42491EF99688278816.exe
  PID 1736 wrote to memory of 316 | 1736 | taskeng.exe | A21619B981F4E2B4A1858F0457B42491EF99688278816.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\A21619B981F4E2B4A1858F0457B42491EF99688278816.exe
  "C:\Users\Admin\AppData\Local\Temp\A21619B981F4E2B4A1858F0457B42491EF99688278816.exe"
  - Drops file in Windows directory
- C:\Windows\system32\taskeng.exe
  taskeng.exe {DC290BEC-7470-4D67-9513-29BEBEC58496} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\A21619B981F4E2B4A1858F0457B42491EF99688278816.exe
    C:\Users\Admin\AppData\Local\Temp\A21619B981F4E2B4A1858F0457B42491EF99688278816.exe start