Analysis
-
max time kernel
140s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
21/08/2023, 05:16
General
-
Target
145a45e9e2061f80e13f746f029005841ea7088d2f5e2b766d375a03149b56f5.exe
-
Size
1.4MB
-
MD5
b5705da30cdc187a200e8162f59934ce
-
SHA1
d1efb8187dc3f8490dabe6acca9eeed4b873d880
-
SHA256
145a45e9e2061f80e13f746f029005841ea7088d2f5e2b766d375a03149b56f5
-
SHA512
61fa5358c9a8fcca1070123dbf73eb3e69b93675c5b6c0c82f731a68e05f6935020388637c6218db0a6d1ab1a1e6be333cb300b495eb6a0be0b2ac43874c7adb
-
SSDEEP
24576:jU5gnPBXu2MDLGdj1UywIQa4Nz9i1uiEmFj/2K4+4Jf+jCwGM6soP2du:qK5u2QLG1Qa4R9i1uiEjM4J4ToP2
Score
8/10
Malware Config
Signatures
-
Downloads MZ/PE file
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Kills process with taskkill 1 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\145a45e9e2061f80e13f746f029005841ea7088d2f5e2b766d375a03149b56f5.exe"C:\Users\Admin\AppData\Local\Temp\145a45e9e2061f80e13f746f029005841ea7088d2f5e2b766d375a03149b56f5.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c TASKKILL /F /IM "steam.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exeTASKKILL /F /IM "steam.exe"3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c Start steam://2⤵
- Modifies registry class
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx