Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
09-04-2024 15:43
Behavioral task
behavioral1
Sample
8816bf5056a42f20cdd42209bf7553be1bd6d41eef6562976afcddde37b0abff.exe
Resource
win7-20240221-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
8816bf5056a42f20cdd42209bf7553be1bd6d41eef6562976afcddde37b0abff.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
8816bf5056a42f20cdd42209bf7553be1bd6d41eef6562976afcddde37b0abff.exe
-
Size
2.4MB
-
MD5
5ce107febbfb6cbd01b3ee02fb6d5cb3
-
SHA1
2cd5f1283caaf1b60796bab6ba1bbef398d26924
-
SHA256
8816bf5056a42f20cdd42209bf7553be1bd6d41eef6562976afcddde37b0abff
-
SHA512
bf9b86c21a18bdacccca3f9333b520368875247946cb96aca8eb90107ace0fb53afa6f8f211ccb62aea55b26ce6c833b9eaa3fab26a91c53d9ebe07a4c470eb2
-
SSDEEP
49152:Va/RPnb1b+uL5KTu8l6VP/DOdmGtPY4ldvxondziuxL9bnKESY:Va/RTd56M9/DmmGmMve5FxL9
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 21 IoCs
pid Process
2452 taskmgr.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process
2452 taskmgr.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process
Token: SeDebugPrivilege 2452 taskmgr.exe
-
Suspicious use of FindShellTrayWindow 46 IoCs
pid Process
2452 taskmgr.exe
-
Suspicious use of SendNotifyMessage 46 IoCs
pid Process
2452 taskmgr.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\8816bf5056a42f20cdd42209bf7553be1bd6d41eef6562976afcddde37b0abff.exe
"C:\Users\Admin\AppData\Local\Temp\8816bf5056a42f20cdd42209bf7553be1bd6d41eef6562976afcddde37b0abff.exe"
PID:3024
-
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
PID:2332
-
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2452