Analysis

max time kernel: 148s
max time network: 54s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/12/2023, 04:23
Behavioral task: behavioral1
Sample: 633c69b00d71bec0c918b73938434b95.exe
Resource: win7-20231215-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 633c69b00d71bec0c918b73938434b95.exe
Resource: win10v2004-20231215-en
3 signatures, 150 seconds
General

Target: 633c69b00d71bec0c918b73938434b95.exe
Size: 2.6MB
MD5: 633c69b00d71bec0c918b73938434b95
SHA1: 36f60e90479d7676a0fa8c85cdb8a8eba1bfbbe2
SHA256: cfad85836104b5a1d7a52c99630852c33b73e0636da44ee24b2665d7312fe286
SHA512: bab8df963a6536b0c21e1976f0bf1e6e6347047d63a55dbf17afcf89945b9427aa705c058ded307bc919b80725a75cb909ba9784a77337680783d9e0d448e129
SSDEEP: 49152:bzddGlxemn3EOrLbizKFtIuevdlB3rGqn955+8kGSbjUZmHHETyw:3gQZOrXFIvvdloqnF+bvbz
Score: 7/10
Malware Config
Signatures
resource: behavioral2/memory/1052-1-0x00007FF7C9980000-0x00007FF7C9EB4000-memory.dmp, yara_rule: vmprotect
resource: behavioral2/memory/1052-5-0x00007FF7C9980000-0x00007FF7C9EB4000-memory.dmp, yara_rule: vmprotect

Suspicious behavior: EnumeratesProcesses (3 IoCs)
pid 1052, Process 633c69b00d71bec0c918b73938434b95.exe
pid 1052, Process 633c69b00d71bec0c918b73938434b95.exe
pid 1052, Process 633c69b00d71bec0c918b73938434b95.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description: PID 1052 wrote to memory of 5024, pid 1052, Process 633c69b00d71bec0c918b73938434b95.exe, procid_target 22
description: PID 1052 wrote to memory of 5024, pid 1052, Process 633c69b00d71bec0c918b73938434b95.exe, procid_target 22
description: PID 1052 wrote to memory of 3372, pid 1052, Process 633c69b00d71bec0c918b73938434b95.exe, procid_target 24
description: PID 1052 wrote to memory of 3372, pid 1052, Process 633c69b00d71bec0c918b73938434b95.exe, procid_target 24
Processes

C:\Users\Admin\AppData\Local\Temp\633c69b00d71bec0c918b73938434b95.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\633c69b00d71bec0c918b73938434b95.exe"
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID: 1052

    C:\Windows\system32\cmd.exe
        command line: C:\Windows\system32\cmd.exe /c cls
        PID: 5024

    C:\Windows\system32\cmd.exe
        command line: C:\Windows\system32\cmd.exe /c color 0a
        PID: 3372