Analysis
max time kernel: 25s
max time network: 16s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 27-04-2024 18:46
Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: qdfwkhmej3lsgnrt.exe
  Resource: win7-20240221-en (windows7-x64)
  5 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: qdfwkhmej3lsgnrt.exe
  Resource: win10v2004-20240426-en (windows10-2004-x64)
  0 signatures, 150 seconds
General
Target: qdfwkhmej3lsgnrt.exe
Size: 8.1MB
MD5: e6c23f437b000396897101d22718de4c
SHA1: d350ae0ff17609c4322ddc6105efc811904646a3
SHA256: ab19166a9cf6760118d15a4da67cc462cefc9362a5837b1b658666c96f9a31f3
SHA512: 88740d25b2b3fa3e33f5ced18fb295f7deffc5b06b046c84f4c78a5723607eb8b339af2f43e08598266524fe2fd66c8bb747f7421455810dc201d70ba1aaeb53
SSDEEP: 196608:I3nJLovsDgzFQPu145/kO+FI/bvdIXG6/8PScsVtGZq:anXgzCK45/kOsI/hI26/8Pt0t
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid / Process: 2688 taskmgr.exe (all 14 occurrences)
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid / Process: 2688 taskmgr.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description / pid / Process: Token: SeDebugPrivilege, 2688 taskmgr.exe
Suspicious use of FindShellTrayWindow (40 IoCs)
  pid / Process: 2688 taskmgr.exe (all 40 occurrences)
Suspicious use of SendNotifyMessage (40 IoCs)
  pid / Process: 2688 taskmgr.exe (all 40 occurrences)
Processes
C:\Users\Admin\AppData\Local\Temp\qdfwkhmej3lsgnrt.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\qdfwkhmej3lsgnrt.exe"
  PID: 2156
C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 2688
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage