Analysis
- max time kernel: 141s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231020-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04-11-2023 07:06
Behavioral task
behavioral1
Sample
E-FILLING FORM B.exe
Resource
win7-20231023-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
E-FILLING FORM B.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
E-FILLING FORM B.exe
-
Size
2.3MB
-
MD5
252278969fa0d8c1cc719e73b61a76a4
-
SHA1
e1c516032393ebc83d5e2e44c72aa8f636ccd0b2
-
SHA256
617cc50e0428e187c69d94da100ea9d3653a1b557e0cb76ba8a767a919192195
-
SHA512
a65fef823d9d781909f2d03cf9c647f0ce60d88d5dd8cf56375338f2f3541c38d5e27432347d74f6e5b3eb21788e03ba0ccb75b4ce64c01dd13f3e61e1118b42
-
SSDEEP
49152:ikWk5cS7a+9XYaQ9Zehc4mTYJ78V9gyBn4c0fmP/SA8N:WajJSZ942KQV9hp4dfmP/SA8
Score
3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of SetWindowsHookEx (3 IoCs)
  Processes: E-FILLING FORM B.exe
  pid | process
  2828 | E-FILLING FORM B.exe
  2828 | E-FILLING FORM B.exe
  2828 | E-FILLING FORM B.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: E-FILLING FORM B.exe
  description | pid | process | target process
  PID 2828 wrote to memory of 3648 | 2828 | E-FILLING FORM B.exe | cmd.exe
  PID 2828 wrote to memory of 3648 | 2828 | E-FILLING FORM B.exe | cmd.exe
  PID 2828 wrote to memory of 3648 | 2828 | E-FILLING FORM B.exe | cmd.exe