Analysis
- max time kernel: 141s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-03-2024 03:59
Static task
- static1: 2 signatures

Behavioral task
- behavioral1
  Sample: cd0cbbf73ec2a26ce44577cc51130633.exe
  Resource: win7-20240221-en (windows7-x64)
  3 signatures, 150 seconds

Behavioral task
- behavioral2
  Sample: cd0cbbf73ec2a26ce44577cc51130633.exe
  Resource: win10v2004-20240226-en (windows10-2004-x64)
  3 signatures, 150 seconds
General
- Target: cd0cbbf73ec2a26ce44577cc51130633.exe
- Size: 1.8MB
- MD5: cd0cbbf73ec2a26ce44577cc51130633
- SHA1: c5c268e8c477608a0b7450a6a0cc2e05441e50a6
- SHA256: 18067b7f19341cf2c3a88f4f179a0e27a0841e4125dd23b77c7c0243050c1eb6
- SHA512: cd8109c5200bb9e7c90d79f7972bec5b27f0211ce515e94896efedf08958b1331df25c1dc9761fe3e6d9f356821d29db0c6dbc0737b2f882f103302f31a49ca8
- SSDEEP: 49152:4w80cTsjkWa1TpDwqHACihyZWgSvaZgMjnqmI/Fnuv:p8sjkJp9HFi4YgSWvqmItu
- Score: 1/10
Malware Config
Signatures
-
- Suspicious use of FindShellTrayWindow (11 IoCs)
  pid   Process
  4872  cd0cbbf73ec2a26ce44577cc51130633.exe
  (the same pid/process pair is recorded 11 times)
- Suspicious use of SendNotifyMessage (11 IoCs)
  pid   Process
  4872  cd0cbbf73ec2a26ce44577cc51130633.exe
  (the same pid/process pair is recorded 11 times)
- Suspicious use of WriteProcessMemory (30 IoCs)
  description                       pid   Process                               procid_target
  PID 4872 wrote to memory of 2472  4872  cd0cbbf73ec2a26ce44577cc51130633.exe  88
  PID 4872 wrote to memory of 3276  4872  cd0cbbf73ec2a26ce44577cc51130633.exe  89
  PID 4872 wrote to memory of 4232  4872  cd0cbbf73ec2a26ce44577cc51130633.exe  90
  PID 4872 wrote to memory of 3804  4872  cd0cbbf73ec2a26ce44577cc51130633.exe  91
  PID 4872 wrote to memory of 4576  4872  cd0cbbf73ec2a26ce44577cc51130633.exe  93
  PID 4872 wrote to memory of 4032  4872  cd0cbbf73ec2a26ce44577cc51130633.exe  94
  PID 4872 wrote to memory of 4792  4872  cd0cbbf73ec2a26ce44577cc51130633.exe  96
  PID 4872 wrote to memory of 1496  4872  cd0cbbf73ec2a26ce44577cc51130633.exe  97
  PID 4872 wrote to memory of 1924  4872  cd0cbbf73ec2a26ce44577cc51130633.exe  98
  PID 4872 wrote to memory of 4584  4872  cd0cbbf73ec2a26ce44577cc51130633.exe  100
  (each row is recorded three times in the original table, 30 entries in total)
Processes
- C:\Users\Admin\AppData\Local\Temp\cd0cbbf73ec2a26ce44577cc51130633.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\cd0cbbf73ec2a26ce44577cc51130633.exe"
  PID: 4872
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes (all with command line "C:\Windows\SysWOW64\calc.exe"):
  - C:\Windows\SysWOW64\calc.exe  PID: 2472
  - C:\Windows\SysWOW64\calc.exe  PID: 3276
  - C:\Windows\SysWOW64\calc.exe  PID: 4232
  - C:\Windows\SysWOW64\calc.exe  PID: 3804
  - C:\Windows\SysWOW64\calc.exe  PID: 4576
  - C:\Windows\SysWOW64\calc.exe  PID: 4032
  - C:\Windows\SysWOW64\calc.exe  PID: 4792
  - C:\Windows\SysWOW64\calc.exe  PID: 1496
  - C:\Windows\SysWOW64\calc.exe  PID: 1924
  - C:\Windows\SysWOW64\calc.exe  PID: 4584