78617ddf9a0067a32cb5d87a796c93a9618ac006ccdcb3c7c824fdeb6ec5fd59 | Triage

Analysis

max time kernel
37s
max time network
19s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 18:17

Sharing

Report Analysis Logs

General

Target

msiexec (4).exe
Size

71KB
MD5

eee470f2a771fc0b543bdeef74fceca0
SHA1

bd9bbb448dec04b1aaa8ae530e9814fdbce0a3d5
SHA256

78617ddf9a0067a32cb5d87a796c93a9618ac006ccdcb3c7c824fdeb6ec5fd59
SHA512

9a89fef9c26e3dc98afdc61eea66e2b4a52843495b3433c21b5a55e744db42268e3d10587817b4c8adc7bfcc99065e0f3a7b6a7a05b1218ce7bba129d5a105e2
SSDEEP

1536:8IvRkRp6QNVvCo2ki7N9wuEG99+E2bh3GFsYTf:8IvRk6QNVvCo2ki7N9wuEk9+E2bgFsYL

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2624	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2624	taskmgr.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe

Suspicious use of SendNotifyMessage 39 IoCs

pid	Process
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe
2624	taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\msiexec (4).exe
"C:\Users\Admin\AppData\Local\Temp\msiexec (4).exe"
1⤵
PID:2892

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2624-0-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2624-1-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2624-2-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download