Analysis
-
max time kernel
122s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
26-09-2023 10:37
Behavioral task
behavioral1
Sample
Inv No 46281.exe
Resource
win7-20230831-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
Inv No 46281.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
Inv No 46281.exe
-
Size
2.6MB
-
MD5
9c55c5482f2599282613a9677dc9010c
-
SHA1
441e9706756e28d2112f60e1a5fe3c0ed4368a8c
-
SHA256
c8bc425f3201c25f61942597a5bd5f7ca2410a9c04811ae0180cb047d7701f43
-
SHA512
07c8da517ad919df750a1c1a13007583be76e8f113960e76f6c1b984b63710ea0ebf3966ce06aef19575fe0a7008bbe2bd802578f8ceb1b6b92b1cc03dd3f19a
-
SSDEEP
49152:zbYHwQf1ukWk5cS7a+9XYaQtZehc4mTYJ78V9gyBn4cgfmP/SA8N9bYHwQf1:zbnajJ2Z942KQV9hp4BfmP/SA8nb
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
Inv No 46281.exepid Process 2956 Inv No 46281.exe 2956 Inv No 46281.exe 2956 Inv No 46281.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
Inv No 46281.exedescription pid Process procid_target PID 2956 wrote to memory of 2060 2956 Inv No 46281.exe 28 PID 2956 wrote to memory of 2060 2956 Inv No 46281.exe 28 PID 2956 wrote to memory of 2060 2956 Inv No 46281.exe 28 PID 2956 wrote to memory of 2060 2956 Inv No 46281.exe 28