Analysis
- max time kernel: 29s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 18-06-2023 05:29
Behavioral task: behavioral1
- Sample: decc5c92b09bb6ef97ad68caf0ec802c530aa8974cd6a90ab313c8a309bf27f3.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: decc5c92b09bb6ef97ad68caf0ec802c530aa8974cd6a90ab313c8a309bf27f3.exe
- Resource: win10v2004-20230220-en
General
- Target: decc5c92b09bb6ef97ad68caf0ec802c530aa8974cd6a90ab313c8a309bf27f3.exe
- Size: 22.2MB
- MD5: 34028e2d59d73ba916600cecd5334c4b
- SHA1: 4e6575aefaaec7386a2b49201d065bf570ef920b
- SHA256: decc5c92b09bb6ef97ad68caf0ec802c530aa8974cd6a90ab313c8a309bf27f3
- SHA512: 07c9dd03ebda2cb052c0aac573a4a171f41b9c04b72d2930df2f0b85cb1436b9fd8ff4de5a3e11b077e8a2b2b24f18b0528f0d46ff524dc6d5bdeaf91dbf0a60
- SSDEEP: 393216:Cai0ZMwOuyq8JO6aNKwHVbbZ0ErC+fuVxL6jkCGMiMW7DnKSCK:avqiGQwUKBg6GMiv7f
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  description | pid | process
  Token: SeShutdownPrivilege | 1264 | decc5c92b09bb6ef97ad68caf0ec802c530aa8974cd6a90ab313c8a309bf27f3.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes:
  pid | process
  1264 | decc5c92b09bb6ef97ad68caf0ec802c530aa8974cd6a90ab313c8a309bf27f3.exe
  1264 | decc5c92b09bb6ef97ad68caf0ec802c530aa8974cd6a90ab313c8a309bf27f3.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\decc5c92b09bb6ef97ad68caf0ec802c530aa8974cd6a90ab313c8a309bf27f3.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\decc5c92b09bb6ef97ad68caf0ec802c530aa8974cd6a90ab313c8a309bf27f3.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID: 1264