Analysis

max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 17:11

Static task: static1
Behavioral task: behavioral1
Sample: 750f0c298d126fe41f6ea52ef84389bc.exe
Resource: win7-20231215-en (windows7-x64)
3 signatures
150 seconds
General

Target: 750f0c298d126fe41f6ea52ef84389bc.exe
Size: 8KB
MD5: 750f0c298d126fe41f6ea52ef84389bc
SHA1: 9dff0d71cf3f2de7c78f17b9f3b01f75a64e3687
SHA256: dd02e2a6f580af520625c84f08991d708c2614ee85184a5abdd86359a79cac1d
SHA512: 526f669871bbfa75a8c1380f8588eadf5dedb381dbf97a4bf13ed68bfecd26fb00748cd00cbb918ce0f62b96fc984d5b4018adbea8c351bbb5f88d9791d71781
SSDEEP: 192:aVl/yowJL/aMjGwP7PMZvz+ebMeFMn0TP:u/YJLW/vlbgs
Score: 1/10
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes: msiexec.exe
  description                       pid   process
  Token: SeShutdownPrivilege        2448  msiexec.exe
  Token: SeIncreaseQuotaPrivilege   2448  msiexec.exe

Suspicious use of FindShellTrayWindow (2 IoCs)
Processes: msiexec.exe
  pid   process
  2448  msiexec.exe
  2448  msiexec.exe

Suspicious use of WriteProcessMemory (7 IoCs)
Processes: 750f0c298d126fe41f6ea52ef84389bc.exe
  description                        pid   process                                 target process
  PID 2428 wrote to memory of 2448   2428  750f0c298d126fe41f6ea52ef84389bc.exe   msiexec.exe
  PID 2428 wrote to memory of 2448   2428  750f0c298d126fe41f6ea52ef84389bc.exe   msiexec.exe
  PID 2428 wrote to memory of 2448   2428  750f0c298d126fe41f6ea52ef84389bc.exe   msiexec.exe
  PID 2428 wrote to memory of 2448   2428  750f0c298d126fe41f6ea52ef84389bc.exe   msiexec.exe
  PID 2428 wrote to memory of 2448   2428  750f0c298d126fe41f6ea52ef84389bc.exe   msiexec.exe
  PID 2428 wrote to memory of 2448   2428  750f0c298d126fe41f6ea52ef84389bc.exe   msiexec.exe
  PID 2428 wrote to memory of 2448   2428  750f0c298d126fe41f6ea52ef84389bc.exe   msiexec.exe
Processes

C:\Users\Admin\AppData\Local\Temp\750f0c298d126fe41f6ea52ef84389bc.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\750f0c298d126fe41f6ea52ef84389bc.exe"
  PID: 2428
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\msiexec.exe (child of PID 2428)
    command line: msiexec /i 64.msi
    PID: 2448
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow