Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
-
submitted
24/01/2024, 18:40
Behavioral task
behavioral1
Sample
Device/HarddiskVolume8/UB_AHO_AG/kannan/Downloads/GraboidVideoInstaller-4.4.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Device/HarddiskVolume8/UB_AHO_AG/kannan/Downloads/GraboidVideoInstaller-4.4.exe
Resource
win10v2004-20231215-en
General
-
Target
Device/HarddiskVolume8/UB_AHO_AG/kannan/Downloads/GraboidVideoInstaller-4.4.exe
-
Size
666KB
-
MD5
7e683c2e5f9438afe90349a92a13be06
-
SHA1
b247e8dcf2827fe4b0cd4af252ae60704e6c5f7b
-
SHA256
c9a107adae581da07be7b65ee046cd953ee27e9b1cb4f7b3e9c82eb2dfaa85bf
-
SHA512
c7478bc751814a2bba46d421d14c9e3faee195465ee490bd96bd8a507eaa9a5faa023d2c018c55042936f9c4a1eee0a05c42615a24efcd0dfe08dbe4f2af9ea3
-
SSDEEP
12288:36Wq4aaE6KwyF5L0Y2D1PqLH2DyXqMhaAmRSvRSds3kST0YT:VthEVaPqLH2DnMaqUsyY
Malware Config
Signatures
-
resource yara_rule
behavioral1/memory/1956-0-0x0000000000400000-0x0000000000512000-memory.dmp upx
behavioral1/memory/1956-15-0x0000000000400000-0x0000000000512000-memory.dmp upx
behavioral1/memory/1956-19-0x0000000000400000-0x0000000000512000-memory.dmp upx
-
AutoIT Executable 2 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule
behavioral1/memory/1956-15-0x0000000000400000-0x0000000000512000-memory.dmp autoit_exe
behavioral1/memory/1956-19-0x0000000000400000-0x0000000000512000-memory.dmp autoit_exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process
1956 GraboidVideoInstaller-4.4.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process
1956 GraboidVideoInstaller-4.4.exe (64 entries, all pid 1956)
-
Suspicious use of SendNotifyMessage 64 IoCs
pid Process
1956 GraboidVideoInstaller-4.4.exe (64 entries, all pid 1956)
Processes
-
C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume8\UB_AHO_AG\kannan\Downloads\GraboidVideoInstaller-4.4.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume8\UB_AHO_AG\kannan\Downloads\GraboidVideoInstaller-4.4.exe"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1956
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
71KB
MD5
91d40710996138b11c536cded0ea321b
SHA1
11d77aed7e6b4103374b6864f13063d0fe53d51d
SHA256
a55acc357eb49ef9f598492c85a9fccdb3901adad509766bfd7b1625ee7066dc
SHA512
bb55fdb7ceb162646b6757532d3a34c1cccfdce07d1cb3de4751b23cd0f70e48e523d19d5403633888a3e066be4a8e21c25051df3f3b5a9d37740de2855c8002