Analysis
-
max time kernel
145s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system -
submitted
30-10-2023 17:29
Static task
static1
Behavioral task
behavioral1
Sample
4e2ea508a06639416efec00d00180306b5e0f819bdf70cee1cd88acf901c04df.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
4e2ea508a06639416efec00d00180306b5e0f819bdf70cee1cd88acf901c04df.exe
Resource
win10v2004-20231020-en
General
-
Target
4e2ea508a06639416efec00d00180306b5e0f819bdf70cee1cd88acf901c04df.exe
-
Size
3.1MB
-
MD5
45e4677379586dbe595232297d095271
-
SHA1
99413bca1143df223faa6bad5e776f6975cb98a7
-
SHA256
4e2ea508a06639416efec00d00180306b5e0f819bdf70cee1cd88acf901c04df
-
SHA512
63067ce20b2587d2f1268d85b3a71497dcfc39e831a363bf585daa2726f3897cc72877ca6d7b68b64d4d7103a1270ff13bd444537055ea2ae96757b5d327e445
-
SSDEEP
49152:Tfv/XRm3fUHv648igad1UUi9Gi2G+KXflCCygqH9T53/A1Nc3Wad:TH/b6YgafUT2GhtnIP/CO
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\Thong tin.txt 4e2ea508a06639416efec00d00180306b5e0f819bdf70cee1cd88acf901c04df.exe -
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
description flow ioc HTTP User-Agent header 3 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2044 4e2ea508a06639416efec00d00180306b5e0f819bdf70cee1cd88acf901c04df.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2044 4e2ea508a06639416efec00d00180306b5e0f819bdf70cee1cd88acf901c04df.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2044 4e2ea508a06639416efec00d00180306b5e0f819bdf70cee1cd88acf901c04df.exe 2044 4e2ea508a06639416efec00d00180306b5e0f819bdf70cee1cd88acf901c04df.exe 2044 4e2ea508a06639416efec00d00180306b5e0f819bdf70cee1cd88acf901c04df.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\4e2ea508a06639416efec00d00180306b5e0f819bdf70cee1cd88acf901c04df.exe"C:\Users\Admin\AppData\Local\Temp\4e2ea508a06639416efec00d00180306b5e0f819bdf70cee1cd88acf901c04df.exe"1⤵
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2044