b5159f8ae16deda7aa5d55100a0eac6e5dacd1f6502689b543513a742353d1ea | Triage

Analysis

max time kernel
139s
max time network
154s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
22-08-2023 19:09

Sharing

Report Analysis Logs

General

Target

TaskMgr.exe
Size

148KB
MD5

117c97ef49ae641ba988d95411ce7f92
SHA1

0bd01aa647fd21d7dd551a380e4ca3a0b52e6f2a
SHA256

b5159f8ae16deda7aa5d55100a0eac6e5dacd1f6502689b543513a742353d1ea
SHA512

b3de8a2c141c9774e51528ea7cae285b3d15be9d453968e6f2a0f03365dd340d9fd28b71cd52082a66d725a8df61610366efd5065f7315ccfc1feb6c736a10d3
SSDEEP

3072:7j30Vm402mSPUnWcSblTRe4R3Y9srFekDsoPd754oieP:K8SPlcmTQy3YIJ545e

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

TaskMgr.exeTaskMgr.exe

pid process

3328 TaskMgr.exe
3328 TaskMgr.exe
3328 TaskMgr.exe
3328 TaskMgr.exe
4464 TaskMgr.exe
4464 TaskMgr.exe
4464 TaskMgr.exe
4464 TaskMgr.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

TaskMgr.exeTaskMgr.exe

description	pid	process
Token: SeDebugPrivilege	3328	TaskMgr.exe
Token: SeDebugPrivilege	3328	TaskMgr.exe
Token: SeDebugPrivilege	4464	TaskMgr.exe
Token: SeDebugPrivilege	4464	TaskMgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

TaskMgr.exeTaskMgr.exe

pid process

3328 TaskMgr.exe
3328 TaskMgr.exe
4464 TaskMgr.exe
4464 TaskMgr.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 364 wrote to memory of 4464	364	cmd.exe	TaskMgr.exe
PID 364 wrote to memory of 4464	364	cmd.exe	TaskMgr.exe
PID 364 wrote to memory of 4464	364	cmd.exe	TaskMgr.exe

C:\Users\Admin\AppData\Local\Temp\TaskMgr.exe
"C:\Users\Admin\AppData\Local\Temp\TaskMgr.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3328

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:364

C:\Users\Admin\AppData\Local\Temp\TaskMgr.exe
TaskMgr.exe
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads