0aa7571d06532fea194a62091a812557a8f8b8d616ffd923df766a4871f4a918 | Triage

Resubmissions

05-05-2023 10:14

230505-l92dlabc9s 3

05-05-2023 10:03

230505-l3jj7shc98 3

Analysis

max time kernel
124s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05-05-2023 10:14

Sharing

Report Analysis Logs

General

Target

0aa7571d06532fea194a62091a812557a8f8b8d616ffd923df766a4871f4a918.exe
Size

5.2MB
MD5

dd6931fda2df843249a5df40b8808387
SHA1

e9d6bdca9bb7fd010b44111771818d9965072212
SHA256

0aa7571d06532fea194a62091a812557a8f8b8d616ffd923df766a4871f4a918
SHA512

3bccfa6e17f47fe43eef75e8d19fb6e3328230ef240593031cfe9e00ffbb5f9f095ff2fc48fff0f9935753fa7ee6e78968d17cfdc80d25c5eccf4708dc94224b
SSDEEP

49152:q42WxCBoOsDSSSQ4YOz15YYpnHXf+8Pib0ARc73OamQX2pqkzfAp01Sm:q42mCp+jN4Jz1/f+C6Vqm

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
784	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	784	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe
784	taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\0aa7571d06532fea194a62091a812557a8f8b8d616ffd923df766a4871f4a918.exe
"C:\Users\Admin\AppData\Local\Temp\0aa7571d06532fea194a62091a812557a8f8b8d616ffd923df766a4871f4a918.exe"
1⤵
PID:1596

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/784-54-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download