Analysis
- max time kernel: 142s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22/12/2023, 00:07
Behavioral tasks
- behavioral1: sample 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe, resource win7-20231215-en, 4 signatures, 150 seconds
- behavioral2: sample 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe, resource win10v2004-20231215-en, 3 signatures, 150 seconds
The signature and process details reproduced below come from behavioral2 (the Windows 10 run); the Windows 7 run reports four signatures but its details are not included on this page.
General
- Target: 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe
- Size: 5.5MB
- MD5: 30a9b1c51b6ce3cd0a3f21a86d5a943b
- SHA1: 51225885759708c9aaa0c549bccc4f0df4b91989
- SHA256: 493d0ba19f480e39541089c0ddbed0825c61d3cf9bf5824a56cda5646e8c8c9a
- SHA512: 7d336ea84a0fe02efb5e6cd1287a409eeaef44359563bc43c49703493db91cade7dda40fcc53bcc0cfaf97a6d8d98e121f0019b41b53d8323f2e39387437a3aa
- SSDEEP: 98304:cCCjzRY0cyKXwmUC1dH2dnqEqjhfv2bOfPhFf0McQn3lI0ZE:cCVdyKRUCXWdqEqFfvv/0MX1Z
Score
7/10
Malware Config
(no configuration extracted in this report)
Signatures
- YARA rule matches on memory dumps of PID 972 (the same region was dumped three times and every dump matched the same rule)
  resource | yara_rule
  behavioral2/memory/972-1-0x00007FF7E30A0000-0x00007FF7E3A68000-memory.dmp | vmprotect
  behavioral2/memory/972-2-0x00007FF7E30A0000-0x00007FF7E3A68000-memory.dmp | vmprotect
  behavioral2/memory/972-6-0x00007FF7E30A0000-0x00007FF7E3A68000-memory.dmp | vmprotect
  The matched region spans 0x9C8000 bytes (about 9.8 MiB), larger than the 5.5 MB file on disk, which is consistent with a packed image whose sections are inflated when mapped. A VMProtect match means static analysis of the file on disk will be of limited use; the memory dumps listed above are the better starting point.
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  972 | 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe
  972 | 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 972 wrote to memory of 828 | 972 | 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe | 89
  PID 972 wrote to memory of 828 | 972 | 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe | 89
  PID 972 wrote to memory of 2156 | 972 | 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe | 91
  PID 972 wrote to memory of 2156 | 972 | 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe | 91
  Both targets (828 and 2156) are the cmd.exe children the sample itself spawned (see Processes). A parent writing into a child it has just created is routinely reported during process start-up and is a much weaker signal than a write into an unrelated, pre-existing process; no such cross-process write appears in this report.
Processes
- C:\Users\Admin\AppData\Local\Temp\30a9b1c51b6ce3cd0a3f21a86d5a943b.exe (depth 1, PID 972)
  command line: "C:\Users\Admin\AppData\Local\Temp\30a9b1c51b6ce3cd0a3f21a86d5a943b.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe (depth 2, PID 828)
    command line: C:\Windows\system32\cmd.exe /c Color B
  - C:\Windows\system32\cmd.exe (depth 2, PID 2156)
    command line: C:\Windows\system32\cmd.exe /c cls
Both children run console housekeeping commands (Color B sets the console color, cls clears the screen). This is the shape produced by a console program issuing system()-style calls and is not in itself evidence of malicious activity; neither child is listed with any signature of its own.
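The two signatures above are easier to weigh once the raw IoC rows are turned into something structured: the repeated YARA dumps collapse to one region whose size can be compared with the file on disk, and each WriteProcessMemory row can be checked against the process tree to separate parent-to-child writes from writes into unrelated processes. The script below is an added example by the editor, not part of the sandbox report or its tooling. The IoC rows and dump paths are copied from the report; the PROCESS_TREE mapping is reconstructed from the Processes section, the 5.5 MB size is taken from the General section and rounded, and the "child / self / remote" classification is the editor's own heuristic.

```python
import re

# YARA hits copied from the report's "resource / yara_rule" rows (behavioral2).
YARA_HITS = [
    ("behavioral2/memory/972-1-0x00007FF7E30A0000-0x00007FF7E3A68000-memory.dmp", "vmprotect"),
    ("behavioral2/memory/972-2-0x00007FF7E30A0000-0x00007FF7E3A68000-memory.dmp", "vmprotect"),
    ("behavioral2/memory/972-6-0x00007FF7E30A0000-0x00007FF7E3A68000-memory.dmp", "vmprotect"),
]

# WriteProcessMemory IoC rows copied from the report (description, pid, Process, procid_target).
WRITE_IOCS = [
    "PID 972 wrote to memory of 828 972 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe 89",
    "PID 972 wrote to memory of 828 972 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe 89",
    "PID 972 wrote to memory of 2156 972 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe 91",
    "PID 972 wrote to memory of 2156 972 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe 91",
]

# Reconstructed from the report's Processes section (editor's assumption): child pid -> parent pid.
PROCESS_TREE = {972: None, 828: 972, 2156: 972}

# "5.5MB" from the General section, rounded to bytes (editor's approximation).
FILE_SIZE_BYTES = int(5.5 * 1024 * 1024)

REGION_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
WRITE_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)\b")


def parse_yara_regions(hits):
    """Collapse repeated dumps of the same region into one entry.

    Returns {(pid, start, end): {"size": bytes, "rules": set, "dumps": [dump indices]}}.
    """
    regions = {}
    for path, rule in hits:
        m = REGION_RE.search(path)
        if not m:
            raise ValueError(f"unrecognised dump path: {path}")
        pid, dump_idx = int(m.group(1)), int(m.group(2))
        start, end = int(m.group(3), 16), int(m.group(4), 16)
        entry = regions.setdefault((pid, start, end),
                                   {"size": end - start, "rules": set(), "dumps": []})
        entry["rules"].add(rule)
        entry["dumps"].append(dump_idx)
    return regions


def classify_writes(ioc_lines, tree):
    """Deduplicate the write IoCs and tag each (writer, target) pair.

    'child'  - writer is the target's direct parent (expected during process start-up)
    'self'   - writer and target are the same process
    'remote' - target is unrelated to the writer (the classic injection shape)
    """
    classified = []
    seen = set()
    for line in ioc_lines:
        m = WRITE_RE.match(line)
        if not m:
            continue
        writer, target = int(m.group(1)), int(m.group(2))
        if (writer, target) in seen:
            continue
        seen.add((writer, target))
        if writer == target:
            kind = "self"
        elif tree.get(target) == writer:
            kind = "child"
        else:
            kind = "remote"
        classified.append((writer, target, kind))
    return classified


def summarize():
    """Human-readable summary lines for the two signatures, last line is the verdict."""
    regions = parse_yara_regions(YARA_HITS)
    writes = classify_writes(WRITE_IOCS, PROCESS_TREE)
    lines = []
    for (pid, start, end), info in regions.items():
        lines.append(f"pid {pid}: 0x{start:016X}-0x{end:016X} "
                     f"({info['size'] / 2**20:.1f} MiB in memory, {len(info['dumps'])} dumps, "
                     f"rules={sorted(info['rules'])}) vs {FILE_SIZE_BYTES / 2**20:.1f} MiB on disk")
    for writer, target, kind in writes:
        lines.append(f"WriteProcessMemory {writer} -> {target}: {kind}")
    remote = [w for w in writes if w[2] == "remote"]
    lines.append("verdict: " + ("cross-process write observed, investigate the target" if remote
                                else "only parent-to-child writes; no write into an unrelated process"))
    return lines


if __name__ == "__main__":
    print("\n".join(summarize()))
```

Run against the report's rows the script reports one 0x9C8000-byte region dumped three times and two parent-to-child writes only. Feeding it a row whose target is absent from the tree (as the test does) flags that write as remote, which is the case that deserves attention in a report like this one.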