Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
04/10/2023, 20:23
General
-
Target
a670d88d425f253abc35dc191db529b3f6518292a99a4c22c0c11c344110642c.exe
-
Size
2.9MB
-
MD5
9b8c83fd56f79b00505b6a44ef5c5469
-
SHA1
5268e93ac1142b92c634761e1ddba18dd6a2e255
-
SHA256
a670d88d425f253abc35dc191db529b3f6518292a99a4c22c0c11c344110642c
-
SHA512
b9fa4564c80f3ee782308b92f57933ab2ae6527c2ed00be054bad3c40286a13ff451c47bcab534dc91ee6a76f2433c3b4a8207ed260c5120c7da2509a9831471
-
SSDEEP
49152:D7TvfU+8X9GrNOsva5RbKhF3ANkTTlFPJz0EHhNsA4ytTgt:Q+8X9G3vP3AMDPJznJJ6
Score
8/10
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 1 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of FindShellTrayWindow 30 IoCs
-
Suspicious use of SendNotifyMessage 18 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\a670d88d425f253abc35dc191db529b3f6518292a99a4c22c0c11c344110642c.exe"C:\Users\Admin\AppData\Local\Temp\a670d88d425f253abc35dc191db529b3f6518292a99a4c22c0c11c344110642c.exe"1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
64KB