Analysis
max time kernel: 60s
max time network: 145s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 08:38
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 605c35366b7c51d33746d7173b9a5169.exe
Resource: win7-20231215-en
2 signatures
150 seconds
General
Target: 605c35366b7c51d33746d7173b9a5169.exe
Size: 1.1MB
MD5: 605c35366b7c51d33746d7173b9a5169
SHA1: f75fb8bb1b086ad55461ab18227d35811b4cc5d6
SHA256: 4a67899d740ecd593679a000e4fd663474307306640d8862a2d986ba4ce3b189
SHA512: 1459976dbc4fc81ace18c90e87cf39149971ed1e796c4e2997e1cb760d7dd299bad8bbef53c6ae7e6ee67e38dcb94c6768e1f7469b0890c28e48f4450c50f5f6
SSDEEP: 24576:IxVxBeKif9i/ylluneUyxcaMep/ahpka:I/xBfyPfuneP1Mepy
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Creates scheduled task(s) (1 TTPs, 3 IoCs)
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid   Process
1568  schtasks.exe
320   schtasks.exe
3036  schtasks.exe
Processes
C:\Users\Admin\AppData\Local\Temp\605c35366b7c51d33746d7173b9a5169.exe
"C:\Users\Admin\AppData\Local\Temp\605c35366b7c51d33746d7173b9a5169.exe"
PID:1680
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
    PID:2896
        C:\Windows\SysWOW64\schtasks.exe
        "schtasks.exe" /create /f /tn "LAN Service Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp8B9.tmp"
        - Creates scheduled task(s)
        PID:1568
        C:\Windows\SysWOW64\schtasks.exe
        "schtasks.exe" /create /f /tn "LAN Service" /xml "C:\Users\Admin\AppData\Local\Temp\tmp879.tmp"
        - Creates scheduled task(s)
        PID:320
    C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sjxNYmz" /XML "C:\Users\Admin\AppData\Local\Temp\tmp751.tmp"
    - Creates scheduled task(s)
    PID:3036