Analysis
  max time kernel:   122s
  max time network:  123s
  platform:          windows7_x64
  resource:          win7-20231215-en
  resource tags:     arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  submitted:         22/12/2023, 04:23
Behavioral task: behavioral1
  Sample:    633c69b00d71bec0c918b73938434b95.exe
  Resource:  win7-20231215-en
  3 signatures, 150 seconds

Behavioral task: behavioral2
  Sample:    633c69b00d71bec0c918b73938434b95.exe
  Resource:  win10v2004-20231215-en
  3 signatures, 150 seconds
General
  Target:  633c69b00d71bec0c918b73938434b95.exe
  Size:    2.6MB
  MD5:     633c69b00d71bec0c918b73938434b95
  SHA1:    36f60e90479d7676a0fa8c85cdb8a8eba1bfbbe2
  SHA256:  cfad85836104b5a1d7a52c99630852c33b73e0636da44ee24b2665d7312fe286
  SHA512:  bab8df963a6536b0c21e1976f0bf1e6e6347047d63a55dbf17afcf89945b9427aa705c058ded307bc919b80725a75cb909ba9784a77337680783d9e0d448e129
  SSDEEP:  49152:bzddGlxemn3EOrLbizKFtIuevdlB3rGqn955+8kGSbjUZmHHETyw:3gQZOrXFIvvdloqnF+bvbz
  Score:   7/10
Malware Config
Signatures
  resource                                                                     yara_rule
  behavioral1/memory/292-1-0x000000013F950000-0x000000013FE84000-memory.dmp    vmprotect
  behavioral1/memory/292-10-0x000000013F950000-0x000000013FE84000-memory.dmp   vmprotect

Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid   Process
  292   633c69b00d71bec0c918b73938434b95.exe

Suspicious use of WriteProcessMemory (6 IoCs)
  description                        pid   Process                                procid_target
  PID 292 wrote to memory of 2932    292   633c69b00d71bec0c918b73938434b95.exe   29
  PID 292 wrote to memory of 2932    292   633c69b00d71bec0c918b73938434b95.exe   29
  PID 292 wrote to memory of 2932    292   633c69b00d71bec0c918b73938434b95.exe   29
  PID 292 wrote to memory of 1404    292   633c69b00d71bec0c918b73938434b95.exe   30
  PID 292 wrote to memory of 1404    292   633c69b00d71bec0c918b73938434b95.exe   30
  PID 292 wrote to memory of 1404    292   633c69b00d71bec0c918b73938434b95.exe   30
Processes
  C:\Users\Admin\AppData\Local\Temp\633c69b00d71bec0c918b73938434b95.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\633c69b00d71bec0c918b73938434b95.exe"
    PID: 292
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
      C:\Windows\system32\cmd.exe
        Command line: C:\Windows\system32\cmd.exe /c cls
        PID: 2932
      C:\Windows\system32\cmd.exe
        Command line: C:\Windows\system32\cmd.exe /c color 0a
        PID: 1404