1d4176cc8657d8dbf5ade35d3a02c60bf35723f98506d87a69a0684923969a1f | Triage

Analysis

max time kernel
30s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 17:20

Sharing

Report Analysis Logs

General

Target

MaxsStupidWindowsTweaker.exe
Size

61KB
MD5

630867289684791c0a0a00c9fee6f4cf
SHA1

eb0bcd981166351ade17fc6d08577acf5609fcee
SHA256

1d4176cc8657d8dbf5ade35d3a02c60bf35723f98506d87a69a0684923969a1f
SHA512

31af2c380c57bf0a499919f0ba29bad73e8f5cb51f8079ec69e510ab7d9e62a802ea4cdbf8f3c756ce3d0cebcb0d99b60909c21dea5d8a8ee489c8fc3bc9a33e
SSDEEP

768:6EtiGuoYvX3fmFCDW1n2uEN4t3QCyvuYQpnuf9XrQUBAgH:oGq3fmgxuaQ3XZuf9XrQUBT

Score

8^/10

evasion

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 1648	2084	MaxsStupidWindowsTweaker.exe	29
PID 2084 wrote to memory of 1648	2084	MaxsStupidWindowsTweaker.exe	29
PID 2084 wrote to memory of 1648	2084	MaxsStupidWindowsTweaker.exe	29
PID 2084 wrote to memory of 1648	2084	MaxsStupidWindowsTweaker.exe	29

C:\Users\Admin\AppData\Local\Temp\MaxsStupidWindowsTweaker.exe
"C:\Users\Admin\AppData\Local\Temp\MaxsStupidWindowsTweaker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2084-0-0x0000000000B40000-0x0000000000B53000-memory.dmp

Filesize
76KB

Download