9037458669491db05d62ab8e9bc5694725af03dd58837534d238e5c5c147fed3 | Triage

Analysis

max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
19/04/2023, 15:35

Sharing

Report Analysis Logs

General

Target

4496ZappBykMVkGbrIEZAoCnjreo.exe
Size

1009KB
MD5

0bb170b0600756d3a36027daee13d878
SHA1

27444872244195d477ce03d1a56c7d2ed6100c08
SHA256

9037458669491db05d62ab8e9bc5694725af03dd58837534d238e5c5c147fed3
SHA512

8ae650c6efa36d2da2cdbcd42bbdd0ca11bdcd79682acccf75c9e5e7450c2542742deba862c5a890d67be189d86b614bee7b70fe68c82b57612c29c7a38b1f2f
SSDEEP

24576:JqDEvCTbMWu7rQYlBQcBiT6rprG8aoEYz0Dpaf:JTvC/MTQYxsWR7aoEU0Dpa

Score

1^/10

Malware Config

Signatures

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\winmgmts:{impersonationLevel=impersonate}!\root\cimv2	4496ZappBykMVkGbrIEZAoCnjreo.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe
324	4496ZappBykMVkGbrIEZAoCnjreo.exe

C:\Users\Admin\AppData\Local\Temp\4496ZappBykMVkGbrIEZAoCnjreo.exe
"C:\Users\Admin\AppData\Local\Temp\4496ZappBykMVkGbrIEZAoCnjreo.exe"
1⤵
- NTFS ADS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads