Analysis
- max time kernel: 134s
- max time network: 103s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21-05-2024 15:18
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
Resource
win7-20231129-en
windows7-x64
4 signatures
150 seconds
General
- Target: 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
- Size: 1.4MB
- MD5: f7c4ee2c7c8868ec8ed89401689726bf
- SHA1: b2ca092400891a0d10f68a6db69c5c6a593db24e
- SHA256: 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a
- SHA512: fb990626614e6804ed2227f8afeae0496ab7455e1c9de77ef8f4297e6637f14ef3fa18c9989cc54b77cfeafb55d94ca3b96a7068971c6e08eff7fd8a65f72917
- SSDEEP: 24576:iy9VNOgj8q1toCaYLsTMZF1Zg76hxnT+UaBYKSnaaQOMFMlxNWormOm6+YifTuCl:iwp1toCaYgQF1Zg76PyUafShQfFM/KDJ
Malware Config
Signatures
Processes: 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
- description: Key value queried
- ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
- process: 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
Suspicious use of FindShellTrayWindow: 4 IoCs
Processes: 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
- pid 4788, process 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
- pid 4788, process 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
- pid 4788, process 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
- pid 4788, process 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
Suspicious use of SendNotifyMessage: 4 IoCs
Processes: 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
- pid 4788, process 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
- pid 4788, process 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
- pid 4788, process 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
- pid 4788, process 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
Suspicious use of SetWindowsHookEx: 1 IoCs
Processes: 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
- pid 4788, process 95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
Processes
C:\Users\Admin\AppData\Local\Temp\95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe
"C:\Users\Admin\AppData\Local\Temp\95aeda5d77abaec7577022ef7e06c1b81c1f1c4de94a62517dacbdb355a0777a.exe"
- Checks whether UAC is enabled
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx