Analysis
max time kernel: 118s
max time network: 123s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 11-10-2023 14:50
Behavioral task: behavioral1
Sample: Inv No 46281.exe
Resource: win7-20230831-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: Inv No 46281.exe
Resource: win10v2004-20230915-en
3 signatures, 150 seconds
General
Target: Inv No 46281.exe
Size: 2.6MB
MD5: 9c55c5482f2599282613a9677dc9010c
SHA1: 441e9706756e28d2112f60e1a5fe3c0ed4368a8c
SHA256: c8bc425f3201c25f61942597a5bd5f7ca2410a9c04811ae0180cb047d7701f43
SHA512: 07c8da517ad919df750a1c1a13007583be76e8f113960e76f6c1b984b63710ea0ebf3966ce06aef19575fe0a7008bbe2bd802578f8ceb1b6b92b1cc03dd3f19a
SSDEEP: 49152:zbYHwQf1ukWk5cS7a+9XYaQtZehc4mTYJ78V9gyBn4cgfmP/SA8N9bYHwQf1:zbnajJ2Z942KQV9hp4BfmP/SA8nb
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of SetWindowsHookEx (3 IoCs)
Processes: Inv No 46281.exe
pid    process
2176   Inv No 46281.exe
2176   Inv No 46281.exe
2176   Inv No 46281.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: Inv No 46281.exe
description                        pid    process            target process
PID 2176 wrote to memory of 2988   2176   Inv No 46281.exe   cmd.exe
PID 2176 wrote to memory of 2988   2176   Inv No 46281.exe   cmd.exe
PID 2176 wrote to memory of 2988   2176   Inv No 46281.exe   cmd.exe
PID 2176 wrote to memory of 2988   2176   Inv No 46281.exe   cmd.exe