Analysis
-
max time kernel
96s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
25-12-2023 22:36
General
-
Target
40a4d62c0a6870c1ed6a2a790c416d2b.exe
-
Size
89KB
-
MD5
40a4d62c0a6870c1ed6a2a790c416d2b
-
SHA1
1d657e60926827b170a41648e0dfccba93b4dd5d
-
SHA256
7bffcfb02a86d4da984c2ba742bc27b4bb62399ed9837b9633cbd116269bc7c5
-
SHA512
e7522cfc99f636dd731d667e8a3b7edbe3a6418172cb0164dd07919841380eef9e42dea08209e38206771d5c36e26819e7afb4d13ff6afc467583459e051c58b
-
SSDEEP
1536:zgaLdNo2yb3wyNFeQsJ1EOCCovlzFgEOHgq9s+4sZH9WuBik0XFPTbMpMOc5eg+x:rLPo22jeQGaOloNzaW6ukQbI50eEZgC
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 3 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\40a4d62c0a6870c1ed6a2a790c416d2b.exe"C:\Users\Admin\AppData\Local\Temp\40a4d62c0a6870c1ed6a2a790c416d2b.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\w32tm.exew32tm /config /update2⤵
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\w32tm.exew32tm /config /syncfromflags:manual /manualpeerlist:time.windows.com,time.nist.gov2⤵
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\system32\w32tm.exew32tm /config /update1⤵
-
C:\Windows\system32\w32tm.exew32tm /config /syncfromflags:manual /manualpeerlist:time.windows.com,time.nist.gov1⤵