Analysis
-
max time kernel
67s -
max time network
52s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system -
submitted
26-04-2024 20:32
Behavioral task
behavioral1
Sample
PAYMENT FROM OUR SBI BANK.exe
Resource
win7-20240221-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
PAYMENT FROM OUR SBI BANK.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
PAYMENT FROM OUR SBI BANK.exe
-
Size
536KB
-
MD5
d554b4c1aa278eeaf10def8ea5973cd6
-
SHA1
f1056fb198e27b567d46c3fe7b2d355c925988fd
-
SHA256
b2db0dad3f1acb31633bc8d135453b5141d75ce89212a303a9148a40f60eb917
-
SHA512
00d9d6a1ff4cfd43a3e11e4b81d47a559eef3e03011c24a160e614064cd42a2a87c9f7da586d0cc33d8ec3db025050468aea708865b80d7aaa0250dc81d6e62d
-
SSDEEP
12288:0uv+XyDHRqUaW46A9jmP/uhu/yMS08CkntxYRS:rv0wHROfmP/UDMS08Ckn3P
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
PAYMENT FROM OUR SBI BANK.exe
pid | process
4032 | PAYMENT FROM OUR SBI BANK.exe
4032 | PAYMENT FROM OUR SBI BANK.exe
4032 | PAYMENT FROM OUR SBI BANK.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
PAYMENT FROM OUR SBI BANK.exe
description | pid | process | target process
PID 4032 wrote to memory of 2992 | 4032 | PAYMENT FROM OUR SBI BANK.exe | cmd.exe
PID 4032 wrote to memory of 2992 | 4032 | PAYMENT FROM OUR SBI BANK.exe | cmd.exe
PID 4032 wrote to memory of 2992 | 4032 | PAYMENT FROM OUR SBI BANK.exe | cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\PAYMENT FROM OUR SBI BANK.exe
"C:\Users\Admin\AppData\Local\Temp\PAYMENT FROM OUR SBI BANK.exe" 1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4032 -
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ 2⤵
PID:2992
-