Analysis
-
max time kernel
26s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
06-03-2024 03:26
Behavioral task
behavioral1
Sample
b663536d5739f3d82eba2a59976ad9d3.exe
Resource
win7-20240221-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
b663536d5739f3d82eba2a59976ad9d3.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
5 signatures
150 seconds
General
-
Target
b663536d5739f3d82eba2a59976ad9d3.exe
-
Size
33KB
-
MD5
b663536d5739f3d82eba2a59976ad9d3
-
SHA1
8813613ddf70be31b0cb8c2e9538c95f5242ac73
-
SHA256
10ef1f9e277a55dbcfff6efda0be5ee668808cbdf3ad109c52f4444303128d28
-
SHA512
88d2f25989a0b535a4480e311528e46b827e076a94fa861c12cdc159287195ff72175bc8e46091da7f89e92fd79879450c4948e50508f3553715fd768a9d90d9
-
SSDEEP
768:l0ROFZBbmQ0ptg0GL9rB3HwY8Quwe/UbxSZEgLz7t:ScQajL9r5wO1e/UQ/X
Score
7/10
Malware Config
Signatures
-
resource yara_rule behavioral1/memory/1220-0-0x0000000000400000-0x000000000041E000-memory.dmp upx behavioral1/memory/1220-5-0x0000000000400000-0x000000000041E000-memory.dmp upx -
Adds Run key to start application 2 TTPs 3 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\SystemReq = "C:\\Users\\Admin\\AppData\\Roaming\\308831230.exe" b663536d5739f3d82eba2a59976ad9d3.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\SystemReq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b663536d5739f3d82eba2a59976ad9d3.exe" b663536d5739f3d82eba2a59976ad9d3.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SystemReq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b663536d5739f3d82eba2a59976ad9d3.exe" b663536d5739f3d82eba2a59976ad9d3.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1220 b663536d5739f3d82eba2a59976ad9d3.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1220 b663536d5739f3d82eba2a59976ad9d3.exe