Analysis
- max time kernel: 0s
- max time network: 101s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/01/2024, 10:21
Static task: static1
Behavioral task: behavioral1
- Sample: abb84f7bbcc5585765153cd445c8c07d.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: abb84f7bbcc5585765153cd445c8c07d.exe
- Resource: win10v2004-20231222-en
General
- Target: abb84f7bbcc5585765153cd445c8c07d.exe
- Size: 1.1MB
- MD5: abb84f7bbcc5585765153cd445c8c07d
- SHA1: 69707e556ebd88aec6414c0c5a481b235ad2eead
- SHA256: 149e9d049c83abff4843e0fab7f6cde552aef61e32a53d61e76f6c5adc3db25f
- SHA512: 12752cdde51c29b3fb4afc16405881681f06e3f4abc8b4912c35f366af6d2bc84ae321110a6ee11f1b8d0ab557975c9892ca0977b149c59f24735c0076d33a38
- SSDEEP: 12288:TGPoV34JStlA/afwCtrduIyCuUy21lbyOuJOmBws5o8pewY3:T0uqipuIySjQes5oSel
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Creates scheduled task(s) (1 TTPs, 2 IoCs)
  Schtasks is often used by malware for persistence or to perform post-infection execution.
  pid   Process
  912   schtasks.exe
  228   schtasks.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\abb84f7bbcc5585765153cd445c8c07d.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\abb84f7bbcc5585765153cd445c8c07d.exe"
  PID: 452
  - C:\Users\Admin\AppData\Local\Temp\SecurityHealthService.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\SecurityHealthService.exe"
    PID: 4768
    - C:\Windows\SYSTEM32\schtasks.exe
      Command line: "schtasks.exe" /create /f /tn "SMTP Subsystem Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp4D08.tmp"
      PID: 912
      Creates scheduled task(s)
    - C:\Windows\SYSTEM32\schtasks.exe
      Command line: "schtasks.exe" /create /f /tn "SMTP Subsystem" /xml "C:\Users\Admin\AppData\Local\Temp\tmp4CD8.tmp"
      PID: 228
      Creates scheduled task(s)
  - C:\Users\Admin\AppData\Local\Temp\Tayz Woofer.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Tayz Woofer.exe"
    PID: 4168