Analysis
max time kernel: 29s
max time network: 34s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-04-2024 22:17
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: BoostTool.exe
Resource: win10v2004-20240419-en
1 signatures
60 seconds

Behavioral task: behavioral2
Sample: BoostTool.exe
Resource: win11-20240419-en
1 signatures
60 seconds
General
Target: BoostTool.exe
Size: 13.3MB
MD5
342a8574c1810f446d50e338e2387cff
SHA1
3d528af95a0ab4924e903cf42d121985c386d300
SHA256
f84d3cc85b7295ab59906d9c3305be94d8ad71a4261685118bee231c86e7b171
SHA512
7982ac87853e675f34772be5d7bca6387cddf23780fd575dff2d7b640a06f1089fafebce00fdb47977014ab4081c8c11f9a3192d4d2a94489e580ff7248a6e2d
SSDEEP
98304:f7utmPlS1RecMcjj6NQM0Efw4HbSMWQOfQtwZbF2/2PHGFJvGw+gweY6:fLPlS1Ra+j6NhfdgvQt4F2/2vM5Gwce
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (6 IoCs)
Process: BoostTool.exe
description | pid | process | target process
PID 3420 wrote to memory of 1384 | 3420 | BoostTool.exe | cmd.exe
PID 3420 wrote to memory of 1384 | 3420 | BoostTool.exe | cmd.exe
PID 3420 wrote to memory of 3084 | 3420 | BoostTool.exe | cmd.exe
PID 3420 wrote to memory of 3084 | 3420 | BoostTool.exe | cmd.exe
PID 3420 wrote to memory of 3616 | 3420 | BoostTool.exe | cmd.exe
PID 3420 wrote to memory of 3616 | 3420 | BoostTool.exe | cmd.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\BoostTool.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\BoostTool.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe
    Command line: cmd /c cls
  - C:\Windows\system32\cmd.exe
    Command line: cmd /c cls
  - C:\Windows\system32\cmd.exe
    Command line: cmd /c cls