8bc7ba209a8cddb8fd2c9dff60a825420957189423ea83b0847ecb51185d26ce | Triage

Analysis

max time kernel
150s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15-04-2023 19:49

Sharing

Report Analysis Logs

General

Target

se12ydam.exe
Size

112KB
MD5

0d86fb5002c58db1181ee3324ad071e4
SHA1

db42eb8b264c9d02e33613dac20c5281eeb46b23
SHA256

8bc7ba209a8cddb8fd2c9dff60a825420957189423ea83b0847ecb51185d26ce
SHA512

db6af5a866e82c3401ad6a7e4bd05fc2ceb905e8215f996100640dac314bb60170596590a74a33815bd9619a5f139f5a2f10dfc4b1dd15c7ca919e44902afead
SSDEEP

1536:m8yC10rMQO+sY2sfiVs1gNm9Ch/QunKmyiXyWSmVBbO4226fyOwl:P10rMQLslst9AhY8yqyrmrG2uNwl

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2008	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2008	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe
2008	taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\se12ydam.exe
"C:\Users\Admin\AppData\Local\Temp\se12ydam.exe"
1⤵
PID:1204

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1204-54-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2008-55-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2008-56-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download