Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
29-04-2024 09:24
General
-
Target
AeroAdmin.exe
-
Size
2.2MB
-
MD5
c984faac414c41839adab61ec608a07e
-
SHA1
2694da22f94b83f7d3c7696ef040f7f0d1122ce6
-
SHA256
dddb977a26860390bd1dbeb4a00e5dab5eac9108190246ada8a76a8510c44dfe
-
SHA512
85314c219a3ae25c3854f67ac95f7cc280b2d140350e79849e152ee59e3c72ab12216173d1dae90b46bba077d254a616af8f323fa8d190661cd70109fe1711e4
-
SSDEEP
49152:D6Q2Kqr1aNUs1T8+IsWTdLraplDXVypwZpT8RlD2JEHQri/r4Ha1LgOoW9YjG2S4:2rQT8jg1lqlD2Jni/r461L1oDjD
Score
1/10
Malware Config
Signatures
-
Modifies data under HKEY_USERS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\AeroAdmin.exe"C:\Users\Admin\AppData\Local\Temp\AeroAdmin.exe"1⤵
-
C:\Users\Admin\AppData\Local\Temp\AeroAdmin.exeC:\Users\Admin\AppData\Local\Temp\AeroAdmin.exe s1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\AeroAdmin.exeC:\Users\Admin\AppData\Local\Temp\AeroAdmin.exe a2⤵
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage