5ac9df859dd2b107cb8f101c14cd3d882765ec8cb6b5e7deed04fdaffd4b0b9e | Triage

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
15-11-2023 16:26

Sharing

Report Analysis Logs

General

Target

undetek-v3.5.exe
Size

81KB
MD5

7b373f254cf24a273e4567430676a17c
SHA1

4d45535772421fff42ccb81eb60deb9864d48a2b
SHA256

5ac9df859dd2b107cb8f101c14cd3d882765ec8cb6b5e7deed04fdaffd4b0b9e
SHA512

d781930e76d315acd41f1e05ee0c1c6e48703db0874938fd59d117be5397961aae7b169b7a5dd8e8bba0345e4118acbf0628a4a509e1b48616582e2d76f80709
SSDEEP

1536:VaC6AYi55JEzMvoZUf6zJaCb/ywP7OY9Uoi4Qoe+7:wUDWo/fkJa8/l7OYGDbZ+7

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2508	undetek-v3.5.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2868	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2868	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe
2868	taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\undetek-v3.5.exe
"C:\Users\Admin\AppData\Local\Temp\undetek-v3.5.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2508

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2868-0-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2868-1-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download