Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22/12/2023, 00:07
Behavioral task: behavioral1
Sample: 308b3ee5afb967a4b4d97e80e8de9b9b.exe
Resource: win7-20231215-en
4 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 308b3ee5afb967a4b4d97e80e8de9b9b.exe
Resource: win10v2004-20231215-en
4 signatures, 150 seconds
General
Target: 308b3ee5afb967a4b4d97e80e8de9b9b.exe
Size: 7.0MB
MD5: 308b3ee5afb967a4b4d97e80e8de9b9b
SHA1: 8fa3f0e37be0ae7178e12fbf1b8172dc5d64692f
SHA256: be7e9ca4df87a899bbe0d3e9b880f90f6da66b0fd95bf991b7533c5c5c0890d2
SHA512: 3889b3b5d88a86a83bac2604fb48361c03019c4eed653fc45161d23106a5beccdb530f102d1cdb2f5a9d9ba62f421824de529f2b84563b8cd0bac33953113b55
SSDEEP: 196608:jkWCnB0b0XCXcMrRLUX+LP6OPsZfB/bp1fOX5:gWGBY7sE+O0NjNOJ
Score: 7/10
Malware Config
Signatures

YARA matches (resource / yara_rule):
behavioral1/memory/2876-2-0x000000013F3F0000-0x0000000140217000-memory.dmp / vmprotect
behavioral1/memory/2876-6-0x000000013F3F0000-0x0000000140217000-memory.dmp / vmprotect
behavioral1/memory/2876-11-0x000000013F3F0000-0x0000000140217000-memory.dmp / vmprotect

Suspicious behavior: EnumeratesProcesses (1 IoC)
pid / Process: 2876 / 308b3ee5afb967a4b4d97e80e8de9b9b.exe

Suspicious behavior: RenamesItself (1 IoC)
pid / Process: 2876 / 308b3ee5afb967a4b4d97e80e8de9b9b.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description / pid / Process / procid_target:
PID 2876 wrote to memory of 2780 / 2876 / 308b3ee5afb967a4b4d97e80e8de9b9b.exe / 29
PID 2876 wrote to memory of 2780 / 2876 / 308b3ee5afb967a4b4d97e80e8de9b9b.exe / 29
PID 2876 wrote to memory of 2780 / 2876 / 308b3ee5afb967a4b4d97e80e8de9b9b.exe / 29
Processes

1. C:\Users\Admin\AppData\Local\Temp\308b3ee5afb967a4b4d97e80e8de9b9b.exe (PID: 2876)
   Command line: "C:\Users\Admin\AppData\Local\Temp\308b3ee5afb967a4b4d97e80e8de9b9b.exe"
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: RenamesItself
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\cmd.exe (PID: 2780)
      Command line: C:\Windows\system32\cmd.exe /c cls