Analysis
max time kernel: 119s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 14/01/2024, 12:35
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: SoftWare.exe
Resource: win7-20231215-en
3 signatures
150 seconds
General
Target: SoftWare.exe
Size: 758KB
MD5: 0462ee257d052e3ee8a64f9ecb7f5f2f
SHA1: fcaf1010cff904c8e8b46cec2ddd6b0f1fd6aad4
SHA256: 0abd9055702e5708497f5cd1032c9f57f5c4b2a5acb60309ef9e605213b1d41b
SHA512: 4d9b5dbba521300d1b994754967224b448cd654430388f6993765b6aed7e3454801f798f97e4e997422b4ab060b2746824a240acf2ff8bae0990e5d206730bce
SSDEEP: 12288:+i87P1HvYxCi3F2umVkNqnzPmYEF/lHFe0XM5+iPq30zViKBa05R:I7P1PYx13oBtzMTFrXM5+H30zsKBa0
Score: 5/10
Malware Config
Signatures
Suspicious use of SetThreadContext (1 IoCs)
description | pid | Process | procid_target
PID 2408 set thread context of 2360 | 2408 | SoftWare.exe | 29
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 2408 | SoftWare.exe
Suspicious use of WriteProcessMemory (20 IoCs)
description | pid | Process | procid_target
PID 2408 wrote to memory of 2496 | 2408 | SoftWare.exe | 28
PID 2408 wrote to memory of 2496 | 2408 | SoftWare.exe | 28
PID 2408 wrote to memory of 2496 | 2408 | SoftWare.exe | 28
PID 2408 wrote to memory of 2496 | 2408 | SoftWare.exe | 28
PID 2408 wrote to memory of 2496 | 2408 | SoftWare.exe | 28
PID 2408 wrote to memory of 2496 | 2408 | SoftWare.exe | 28
PID 2408 wrote to memory of 2496 | 2408 | SoftWare.exe | 28
PID 2408 wrote to memory of 2360 | 2408 | SoftWare.exe | 29
PID 2408 wrote to memory of 2360 | 2408 | SoftWare.exe | 29
PID 2408 wrote to memory of 2360 | 2408 | SoftWare.exe | 29
PID 2408 wrote to memory of 2360 | 2408 | SoftWare.exe | 29
PID 2408 wrote to memory of 2360 | 2408 | SoftWare.exe | 29
PID 2408 wrote to memory of 2360 | 2408 | SoftWare.exe | 29
PID 2408 wrote to memory of 2360 | 2408 | SoftWare.exe | 29
PID 2408 wrote to memory of 2360 | 2408 | SoftWare.exe | 29
PID 2408 wrote to memory of 2360 | 2408 | SoftWare.exe | 29
PID 2408 wrote to memory of 2360 | 2408 | SoftWare.exe | 29
PID 2408 wrote to memory of 2360 | 2408 | SoftWare.exe | 29
PID 2408 wrote to memory of 2360 | 2408 | SoftWare.exe | 29
PID 2408 wrote to memory of 2360 | 2408 | SoftWare.exe | 29
Processes
C:\Users\Admin\AppData\Local\Temp\SoftWare.exe
  "C:\Users\Admin\AppData\Local\Temp\SoftWare.exe"
  PID: 2408
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      PID: 2496
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      PID: 2360