Resubmissions
14-07-2024 08:16
240714-j6aelavgkf 328-03-2024 15:44
240328-s6f2tahh81 315-02-2024 03:14
240215-drq6xafb7s 605-02-2024 16:35
240205-t3whrsebaq 305-02-2024 16:32
240205-t17g9aeagl 308-12-2023 22:35
231208-2hv1haegb3 331-10-2023 16:20
231031-ttf2qaba4t 1024-10-2023 18:54
231024-xkm1fsgg8z 1020-09-2023 14:18
230920-rl8qnagg4s 1023-08-2023 22:11
230823-139hyshd3w 10Analysis
-
max time kernel
66s -
max time network
64s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
28-03-2024 15:44
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
dl2.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
dl2.exe
Resource
macos-20240214-en
macos-10.15-amd64
0 signatures
150 seconds
General
-
Target
dl2.exe
-
Size
849KB
-
MD5
c2055b7fbaa041d9f68b9d5df9b45edd
-
SHA1
e4bd443bd4ce9029290dcd4bb47cb1a01f3b1b06
-
SHA256
342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3
-
SHA512
18905b75938b8af9468b1aa3ffbae796a139c2762e623aa6ffb9ec2b293dd04aa1f90d1ed5a7dbda7853795a3688e368121a134c7f63e527a8e5e7679301a1dc
-
SSDEEP
12288:A3RY3yNqMRTF4q2rxHn2ot/81xpNQyjUXlmoe7ufjHAtjXD7r2:A3RY3R24q+xn/8Xp2yOl5fzQ/2
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid Process 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2016 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2016 taskmgr.exe -
Suspicious use of FindShellTrayWindow 42 IoCs
pid Process 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe -
Suspicious use of SendNotifyMessage 42 IoCs
pid Process 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe 2016 taskmgr.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1312 dl2.exe 2508 dl2.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:1312
-
C:\Users\Admin\AppData\Local\Temp\dl2.exeC:\Users\Admin\AppData\Local\Temp\dl2.exe {5F593D2A-713E-410F-A727-79C307851412}1⤵
- Suspicious use of SetWindowsHookEx
PID:2508
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2548
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2016