Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 10/03/2024, 13:25
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: beb75d1edc2e1d16145fb7fe57c52d5c.exe
Resource: win7-20240221-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: beb75d1edc2e1d16145fb7fe57c52d5c.exe
Resource: win10v2004-20240226-en
4 signatures
150 seconds
General
Target: beb75d1edc2e1d16145fb7fe57c52d5c.exe
Size: 7KB
MD5: beb75d1edc2e1d16145fb7fe57c52d5c
SHA1: 1523423a9a915d5adffbbafe14f47de312e7fcc3
SHA256: 208e0cedb2659e97c4fc5155c0c580bd69da3c13ada3d12e680fffeee8bace1f
SHA512: 18d6282ca100b582e7f1590694165bcff9ae60d71162f232a4ab9867c3ed0f2ec71b9306d8a8127dfed356861f2e05c56923a652aff98c41aeb8993d56218829
SSDEEP: 96:WgQG6kHWjs8F7TssS61vF5cE2TYlnlYJnLeL0Kff345COv1r5RXmm6oajF:WZjs8NvS61wV2nlYJLeLTg4mn6n
Score: 1/10
Malware Config
Signatures

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid   Process
2940  dw20.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process                               procid_target
PID 2024 wrote to memory of 2940  2024  beb75d1edc2e1d16145fb7fe57c52d5c.exe  29
PID 2024 wrote to memory of 2940  2024  beb75d1edc2e1d16145fb7fe57c52d5c.exe  29
PID 2024 wrote to memory of 2940  2024  beb75d1edc2e1d16145fb7fe57c52d5c.exe  29
Processes

C:\Users\Admin\AppData\Local\Temp\beb75d1edc2e1d16145fb7fe57c52d5c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\beb75d1edc2e1d16145fb7fe57c52d5c.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2024

  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
    Command line: dw20.exe -x -s 408
    - Suspicious behavior: GetForegroundWindowSpam
    PID: 2940