Analysis
max time kernel
570s
max time network
606s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted
11-02-2024 01:16
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
PentaPulse.exe
Resource
win10-20231215-en
windows10-1703-x64
3 signatures
600 seconds
Behavioral task
behavioral2
Sample
PentaPulse.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
3 signatures
600 seconds
Behavioral task
behavioral3
Sample
PentaPulse.exe
Resource
win11-20231215-en
windows11-21h2-x64
3 signatures
600 seconds
General
Target
PentaPulse.exe
Size
153KB
MD5
f70905e64d41d899e586fa1b43d8c65e
SHA1
98c0d8ea2cd4fb47cfca1c4871e1de0e4303591b
SHA256
771f327f1637897150eaaf1fb3fa25209b372d05e50b5000cdc4bee40f9447e9
SHA512
f758114e81df55161f7edeb0bada54647a8af586876688dc163bd780f582b72677bc2ecfc7df9deed45c1cfeb29ff5fdd9c530150e87719002d71dd282fab824
SSDEEP
3072:pbOmL8fzFQr0njTRsu1yIG9XKThCN3FBROfxD6ORvd05glsQ:cjTRda9yCXBROfxN051
Score
6/10
Malware Config
Signatures
Blocklisted process makes network request 9 IoCs
flow   pid    Process
26     2644   msiexec.exe
30     2644   msiexec.exe
62     2644   msiexec.exe
63     2644   msiexec.exe
64     2644   msiexec.exe
65     2644   msiexec.exe
98     2644   msiexec.exe
157    2644   msiexec.exe
158    2644   msiexec.exe
Suspicious use of SetThreadContext 1 IoCs
description                           pid   Process          procid_target
PID 872 set thread context of 2644    872   PentaPulse.exe   84
Suspicious use of WriteProcessMemory 2 IoCs
description                           pid   Process          procid_target
PID 872 wrote to memory of 2644       872   PentaPulse.exe   84
PID 872 wrote to memory of 2644       872   PentaPulse.exe   84
Processes
C:\Users\Admin\AppData\Local\Temp\PentaPulse.exe
"C:\Users\Admin\AppData\Local\Temp\PentaPulse.exe"
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:872
    C:\Windows\System32\msiexec.exe
    \??\C:\Windows\System32\msiexec.exe
    - Blocklisted process makes network request
    PID:2644