Analysis
-
max time kernel
58s -
max time network
72s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
10-03-2024 12:39
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Obs_VcamGUI.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
Obs_VcamGUI.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
Obs_VcamGUI.exe
-
Size
140.5MB
-
MD5
04d6abf89ad6168731259ee31a1e11b0
-
SHA1
5f473fe5428a3dd028f7ac3f3623b61ce760ec01
-
SHA256
40459ec37e818f0d50d385a24dfc0c0542865c4d4a893ea1d02502bce3e788a8
-
SHA512
bbcd4b95456ec2d26b0234b96eb4ee8539fbf011d42a6dd88f432d37258c6dee047ba88b8edd856c715afc763d9065369aa8fc7ad74289fd5970e7518bc59660
-
SSDEEP
786432:O0CQFo/Mnm6jKS6mI72RAZzVQ/T5v7pI1TtLwSTRpf4P1wT1Wyzqenai6:OIFNnuYuBIT5TpKdai6
Score
1/10
Malware Config
Signatures
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 436 Obs_VcamGUI.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Obs_VcamGUI.exe"C:\Users\Admin\AppData\Local\Temp\Obs_VcamGUI.exe"1⤵
- Suspicious use of FindShellTrayWindow
PID:436
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3944 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:81⤵PID:5104