Analysis
-
max time kernel
79s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
05-04-2023 19:52
Behavioral task
behavioral1
Sample
a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe
Resource
win7-20230220-en
windows7-x64
2 signatures
150 seconds
General
-
Target
a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe
-
Size
13KB
-
MD5
489e088030eae6acf86c690cb42352b4
-
SHA1
943a6abb8d2ff25ae6b54c953b211879328a5123
-
SHA256
a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9
-
SHA512
78e7d85f57f0b85a71c617d4bea8783b433340a006756064181745a85b3de8d49f66ca3b460414406d1e83b525134aba0f6451c53b95f5ed482604c8395e6b99
-
SSDEEP
192:C2WjQTbZ1eBppvfj/j2+cPM3P+Q/tCvwSw3uM76V9bhHOkrUN9:C2jTbZ0pj/vcqP+ctCYSw3GV9bhrUN
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 2 IoCs
Processes:
a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exedescription ioc process File created C:\Windows\Tasks\wow64.job a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe File opened for modification C:\Windows\Tasks\wow64.job a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
taskeng.exedescription pid process target process PID 432 wrote to memory of 1152 432 taskeng.exe a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe PID 432 wrote to memory of 1152 432 taskeng.exe a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe PID 432 wrote to memory of 1152 432 taskeng.exe a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe PID 432 wrote to memory of 1152 432 taskeng.exe a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe"C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe"1⤵
- Drops file in Windows directory
-
C:\Windows\system32\taskeng.exetaskeng.exe {C2AE5A8C-5AA8-47E7-9C04-D4DB3F35E8BA} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exeC:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe start2⤵