Analysis
max time kernel: 17s
max time network: 19s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 10/02/2024, 21:03
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: github-setup.exe
  Resource: win7-20231215-en
  5 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: github-setup.exe
  Resource: win10v2004-20231222-en
  12 signatures, 150 seconds
General
Target: github-setup.exe
Size: 58.1MB
MD5: 37138f5563de22dc827639ca73063932
SHA1: ba6f56d95bd61cbfddbcb8c0e02d9c415fa6954d
SHA256: bc0266d295b2cd211f0c16aa608caf0db401916f284a99cc578f5ad394b117d0
SHA512: a574ceaeb9c3d63c2b5c63d6451df4ba003cf090b8e9b4893b5d8d87c40123e519c4bf212bf3993e7930d846574d84df9fc94916beec826c9b7eaccc295c8ecd
SSDEEP: 393216:e1+zCer/QHn+T97auZqB1Jno6L/edodWDJNVI+v:e1+zCekHn+T97auZqlo6Kdb1NVI+
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (14 IoCs)
  PID 2872 taskmgr.exe (3 entries), PID 2788 taskmgr.exe (11 entries)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  PID 2788 taskmgr.exe
Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Token: SeDebugPrivilege, PID 2872 taskmgr.exe
  Token: SeDebugPrivilege, PID 2788 taskmgr.exe
Suspicious use of FindShellTrayWindow (64 IoCs)
  PID 2872 taskmgr.exe and PID 2788 taskmgr.exe (repeated entries, 64 shown in total)
Suspicious use of SendNotifyMessage (64 IoCs)
  PID 2872 taskmgr.exe and PID 2788 taskmgr.exe (repeated entries, 64 shown in total)
Processes
C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 2872
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
C:\Users\Admin\AppData\Local\Temp\github-setup.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\github-setup.exe"
  PID: 2796
  (no signatures)
C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 2788
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
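Every IoC in this report is attached to one of the two Task Manager instances (PIDs 2872 and 2788), which the process list shows at the same tree level as github-setup.exe (PID 2796) rather than beneath it; the sample's own process carries no signature at all, which is consistent with the 1/10 score. Process enumeration and enabling SeDebugPrivilege are what taskmgr.exe does in normal use, so these hits describe the analysis session rather than the sample. The Python below is an added example for checking that attribution mechanically; it is not part of the sandbox report. It re-enters three of the signature tables above as constructed input and assumes the page's "<pid> <image>" row layout and that a process shown at depth 1 is top-level (not spawned by the sample).

```python
"""Attribute sandbox signature IoCs to processes and separate the submitted
sample's own behaviour from hits on unrelated processes.

Added example, not part of the sandbox report. Input is re-entered from the
report; the row layout and the depth-1-means-top-level rule are assumptions.
"""
import re
from collections import Counter, defaultdict

# Constructed from the report: (signature name, IoC count shown, flattened row text).
# Only the three tables whose rows are fully reproduced on the page are included.
REPORT_SIGNATURES = [
    ("Suspicious behavior: EnumeratesProcesses", 14,
     "pid Process " + "2872 taskmgr.exe " * 3 + "2788 taskmgr.exe " * 11),
    ("Suspicious behavior: GetForegroundWindowSpam", 1,
     "pid Process 2788 taskmgr.exe"),
    ("Suspicious use of AdjustPrivilegeToken", 2,
     "description pid Process Token: SeDebugPrivilege 2872 taskmgr.exe "
     "Token: SeDebugPrivilege 2788 taskmgr.exe"),
]

# Constructed from the report's process list: pid -> (image, command line, tree depth).
PROCESSES = {
    2872: ("taskmgr.exe", r'"C:\Windows\system32\taskmgr.exe" /4', 1),
    2796: ("github-setup.exe", r'"C:\Users\Admin\AppData\Local\Temp\github-setup.exe"', 1),
    2788: ("taskmgr.exe", r'"C:\Windows\system32\taskmgr.exe" /4', 1),
}

# One IoC row is "<pid> <image>.exe"; the optional description column
# ("Token: SeDebugPrivilege") contains no digits followed by an image name.
ROW_RE = re.compile(r"(\d+)\s+(\S+\.exe)")


def parse_rows(row_text):
    """Return [(pid, image), ...] from a flattened IoC table."""
    return [(int(pid), image) for pid, image in ROW_RE.findall(row_text)]


def attribute(signatures):
    """Map pid -> Counter(signature name -> number of IoC rows naming that pid)."""
    hits = defaultdict(Counter)
    for name, _shown, rows in signatures:
        for pid, _image in parse_rows(rows):
            hits[pid][name] += 1
    return dict(hits)


def triage(signatures, processes, sample_pid):
    """Split hits into the sample's own and those on other processes.

    A hit on a process at depth 1 (assumed top-level) is not behaviour the
    sample caused, since the page shows it beside the sample, not under it.
    Also flags tables whose parsed row count disagrees with the count shown.
    """
    hits = attribute(signatures)
    mismatches = [name for name, shown, rows in signatures
                  if len(parse_rows(rows)) != shown]
    other = {}
    for pid, counter in hits.items():
        if pid == sample_pid:
            continue
        image, _cmd, depth = processes.get(pid, ("<not in process list>", "", None))
        other[pid] = {"image": image, "top_level": depth == 1, "hits": dict(counter)}
    sample_hits = dict(hits.get(sample_pid, {}))
    return {
        "sample_pid": sample_pid,
        "sample_hits": sample_hits,
        "other_hits": other,
        "count_mismatches": mismatches,
        "nothing_attributed_to_sample": (not sample_hits
                                         and all(v["top_level"] for v in other.values())),
    }


if __name__ == "__main__":
    for key, value in triage(REPORT_SIGNATURES, PROCESSES, sample_pid=2796).items():
        print(f"{key}: {value}")
```

Running it prints an empty `sample_hits`, both taskmgr.exe PIDs under `other_hits` marked top-level, and no count mismatches; a real sample that had spawned the flagged process would show depth greater than 1 (or a parent pid, if the report supplies one) and would not be cleared by this rule.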