0db9ac02645846b5033b403a818544371046214bfedef7e70d44f5f825713c00 | Triage

Analysis

max time kernel
136s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 08:59

Sharing

Report Analysis Logs

General

Target

WeaselServer.exe
Size

1.2MB
MD5

c73fd521bee0be1853382c40668a47b2
SHA1

22f3a4ef96899e762b62867596fe2dbe23f6d725
SHA256

e0159b77e47c66ad75c1ed68f31430e857a5178f86ba574f067850db934f067a
SHA512

98497fc5ca85d2cc2f789c0aece544a2c037577184d50d4873df145ab39992204cdd3613d8d0cae81503e38eeebc4b695cb26dfad27dd411220b12716c6575c6
SSDEEP

24576:b17JklFJ2+roRfxokK0PNKXOoDaH5dk89f3z:bd0e+rooTOJHIy

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3916	WeaselServer.exe
3916	WeaselServer.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
3916	WeaselServer.exe
3916	WeaselServer.exe

C:\Users\Admin\AppData\Local\Temp\WeaselServer.exe
"C:\Users\Admin\AppData\Local\Temp\WeaselServer.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3756 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:2300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads