Analysis
- max time kernel: 150s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-12-2023 01:19
Static task: static1
- 1 signatures

Behavioral task: behavioral1
- Sample: 09e05ec2fa77c042dd48b23bd87af5d1.exe
- Resource: win7-20231215-en (windows7-x64)
- 4 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 09e05ec2fa77c042dd48b23bd87af5d1.exe
- Resource: win10v2004-20231215-en (windows10-2004-x64)
- 4 signatures
- 150 seconds
General
- Target: 09e05ec2fa77c042dd48b23bd87af5d1.exe
- Size: 3.8MB
- MD5: 09e05ec2fa77c042dd48b23bd87af5d1
- SHA1: 2ec328691c32e8ac656996e807dffcb79be4bd1e
- SHA256: 0983711a6cc222d52cf7dd6092c6232126a12736f379f64d5b8cf4f4a475fd5e
- SHA512: 134f9b06ea9837f6480b2bda9bc4360d1fd12685fc5cb7f2dd0363f9d57ee29a06bb3c19573f20ad8fa0e3ef2384b76341a1490d87758349a2158b294f1937c6
- SSDEEP: 98304:UFaONQkFkUZV8LZZilJvvu0MxJL+6ffjbW3bvdPGVmF1nDWSEnl/:UFayFhAZOvqp+6ffPAZPImTKScl
- Score: 8/10
Malware Config

Signatures
- Modifies Windows Firewall (1 TTPs, 1 IoCs)
  pid   Process
  2284  netsh.exe
- Drops file in Windows directory (1 IoCs)
  description   ioc                          Process
  File created  \??\c:\windows\0172847.tmp   09e05ec2fa77c042dd48b23bd87af5d1.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  2148  09e05ec2fa77c042dd48b23bd87af5d1.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                   pid   Process                                procid_target
  PID 2148 wrote to memory of 2284  2148  09e05ec2fa77c042dd48b23bd87af5d1.exe   93
  PID 2148 wrote to memory of 2284  2148  09e05ec2fa77c042dd48b23bd87af5d1.exe   93
  PID 2148 wrote to memory of 2284  2148  09e05ec2fa77c042dd48b23bd87af5d1.exe   93
Processes
- C:\Users\Admin\AppData\Local\Temp\09e05ec2fa77c042dd48b23bd87af5d1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\09e05ec2fa77c042dd48b23bd87af5d1.exe"
  PID: 2148
  - Drops file in Windows directory
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  - Child: C:\Windows\SysWOW64\netsh.exe
    Command line: netsh firewall set opmode disable
    PID: 2284
    - Modifies Windows Firewall