549a14afcad80571ceeaa122d25db839636b2c022543a94f41df6df30a3aecd8

Analysis

max time kernel
17s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-01-2024 21:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f12c1f31d22c7115487593aff5be63b.exe
Size

629KB
MD5

3f12c1f31d22c7115487593aff5be63b
SHA1

a6bceddfc5e465cd23a4c6b79ecaf9f254a3b573
SHA256

549a14afcad80571ceeaa122d25db839636b2c022543a94f41df6df30a3aecd8
SHA512

0c5a4d444abc3277320a391d8ad2d84880591f030e43cec131e5cb200f855f886f2a0da3714f84fb104e3359e47a512bab5271331d404f24c84f49f66f32a833
SSDEEP

6144:maUwFqqIs7JTmbbYhfYhxlZho6rSn7TB/KIGx+DoBx81kAWw32afGF9x5Lcbuhx7:XUEqqVwxvCCkDoH81rOF93a88MyV1Q

Score

1^/10

Malware Config

Signatures

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2632	schtasks.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
2884	timeout.exe

C:\Users\Admin\AppData\Local\Temp\3f12c1f31d22c7115487593aff5be63b.exe
"C:\Users\Admin\AppData\Local\Temp\3f12c1f31d22c7115487593aff5be63b.exe"
1⤵
PID:2800
- C:\Users\Admin\AppData\Roaming\ServiceApi\MicrosoftApi.exe
  "C:\Users\Admin\AppData\Roaming\ServiceApi\MicrosoftApi.exe"
  2⤵
  PID:2828
- - C:\Windows\system32\cmd.exe
    cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp9251.tmp.cmd""
    3⤵
    PID:2692
  - - C:\Windows\system32\timeout.exe
      timeout 4
      4⤵
      Delays execution with timeout.exe
      PID:2884
  - - C:\Windows\system32\schtasks.exe
      schtasks.exe /create /f /sc MINUTE /mo 1 /tn "MicrosoftApi" /tr "'C:\Users\Admin\AppData\Roaming\ServiceApi\MicrosoftApi.exe"'
      4⤵
      Creates scheduled task(s)
      PID:2632

C:\Windows\system32\taskeng.exe
taskeng.exe {83D24727-993A-457C-9780-324FBE656C39} S-1-5-21-3818056530-936619650-3554021955-1000:SFVRQGEO\Admin:Interactive:[1]
1⤵
PID:2604
- C:\Users\Admin\AppData\Roaming\ServiceApi\MicrosoftApi.exe
  C:\Users\Admin\AppData\Roaming\ServiceApi\MicrosoftApi.exe
  2⤵
  PID:1892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1892-22-0x000000013FD10000-0x000000013FDB2000-memory.dmp

Filesize
648KB

Download
memory/1892-23-0x000007FEF4D60000-0x000007FEF574C000-memory.dmp

Filesize
9.9MB

Download
memory/1892-24-0x000000001C240000-0x000000001C2C0000-memory.dmp

Filesize
512KB

Download
memory/1892-25-0x000007FEF4D60000-0x000007FEF574C000-memory.dmp

Filesize
9.9MB

Download
memory/1892-26-0x000000001C240000-0x000000001C2C0000-memory.dmp

Filesize
512KB

Download
memory/2800-0-0x000000013F0C0000-0x000000013F162000-memory.dmp

Filesize
648KB

Download
memory/2800-1-0x000007FEF5750000-0x000007FEF613C000-memory.dmp

Filesize
9.9MB

Download
memory/2800-10-0x000007FEF5750000-0x000007FEF613C000-memory.dmp

Filesize
9.9MB

Download
memory/2828-11-0x000007FEF5750000-0x000007FEF613C000-memory.dmp

Filesize
9.9MB

Download
memory/2828-9-0x000000013F7F0000-0x000000013F892000-memory.dmp

Filesize
648KB

Download
memory/2828-20-0x000007FEF5750000-0x000007FEF613C000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads