Analysis
max time kernel: 122s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 27-05-2024 01:06
Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: 454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe
Resource: win7-20240221-en
2 signatures, 150 seconds
General
Target: 454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe
Size: 8.8MB
MD5: abe4d6f2f3fc583003b70c8c0e24e268
SHA1: 9090db13cf2cb3e8036b2911c0124b6de6d1e3a0
SHA256: 454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5
SHA512: 1dac0f0d1642061642f4e945a4bb8caf5b19d631bf6209f89257d439be059df89282962f9a3dd0f44c8859f300d1206c6996cf1b9e8bc63c5ed6e321f207b29a
SSDEEP: 49152:oA1RVfVkJix2rb/TXvO90d7HjmAFd4A64nsfJCzGoi5Upu19lpH5pIm/Y3dNdvns:D2JisGW097Im/Y43uLw7nvE7Qwuiq9
Score: 5/10
Malware Config
Signatures

Suspicious use of SetThreadContext (1 IoC)
Processes:
  description: PID 1888 set thread context of 2684
  pid: 1888
  process: 454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe
  target process: BitLockerToGo.exe

Suspicious use of WriteProcessMemory (6 IoCs, six identical rows)
Processes:
  description: PID 1888 wrote to memory of 2684
  pid: 1888
  process: 454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe
  target process: BitLockerToGo.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe"
   PID: 1888
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory

   2. (child of 1888) C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      command line: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      PID: 2684
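As an added example (not part of this Triage report and not code from the sample), the detection logic below recognises the pattern the two signatures and the process tree describe together: PID 1888 spawns BitLockerToGo.exe as a child, writes into its memory six times and sets its thread context, which is the API sequence process hollowing relies on. The event records and the spare explorer.exe control row are constructed from the rows above; the ApiEvent field names, the directory lists and the severity threshold are assumptions for illustration, not a Triage export format.

```python
"""Flag WriteProcessMemory + SetThreadContext on the same source/target pair.

Added example; the ApiEvent shape and the sample events are constructed from
the report's signature rows and process tree, not a real sandbox export.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class ApiEvent:
    """One cross-process API call as a sandbox might record it (assumed fields)."""
    pid: int          # calling process
    target_pid: int   # process the call acted on
    api: str          # "WriteProcessMemory" or "SetThreadContext"
    process: str      # calling process image path
    target: str       # target process image path


# Paths taken from the report's process tree.
SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "454be1f15b87f6ca55ad6b5438fa262d83dc041e6bd40b6aceca92f9e0936be5.exe")
BLTG = "C:\\Windows\\BitLockerDiscoveryVolumeContents\\BitLockerToGo.exe"

# Constructed from the report: six WriteProcessMemory IoCs and one
# SetThreadContext IoC, all PID 1888 -> PID 2684, plus a made-up explorer.exe
# control row (PIDs 4000/4100) that writes memory but never sets a context.
EVENTS: List[ApiEvent] = (
    [ApiEvent(1888, 2684, "WriteProcessMemory", SAMPLE, BLTG)] * 6
    + [ApiEvent(1888, 2684, "SetThreadContext", SAMPLE, BLTG)]
    + [ApiEvent(4000, 4100, "WriteProcessMemory",
                "C:\\Windows\\explorer.exe", "C:\\Windows\\explorer.exe")]
)

# Parent -> children, from the process tree (depth markers 1 and 2 on the page).
TREE: Dict[int, Set[int]] = {1888: {2684}}

# Heuristic path classes (assumed lists, extend for your environment).
SYSTEM_DIRS = ("c:\\windows\\",)
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")


def is_system_binary(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(seg in p for seg in USER_WRITABLE)


def detect_hollowing(events: Iterable[ApiEvent],
                     tree: Dict[int, Set[int]]) -> List[dict]:
    """Return one finding per (source, target) pair showing both API calls."""
    pairs: Dict[Tuple[int, int], dict] = defaultdict(
        lambda: {"writes": 0, "ctx": 0, "process": "", "target": ""})
    for ev in events:
        rec = pairs[(ev.pid, ev.target_pid)]
        rec["process"], rec["target"] = ev.process, ev.target
        if ev.api == "WriteProcessMemory":
            rec["writes"] += 1
        elif ev.api == "SetThreadContext":
            rec["ctx"] += 1

    findings = []
    for (src, dst), rec in pairs.items():
        if not (rec["writes"] and rec["ctx"]):
            continue  # a write alone (e.g. the control row) is not enough
        reasons = ["WriteProcessMemory and SetThreadContext on the same target"]
        if dst in tree.get(src, set()):
            reasons.append("target is a child the writer spawned itself")
        if is_system_binary(rec["target"]):
            reasons.append("target image lives under the Windows directory")
        if is_user_writable(rec["process"]):
            reasons.append("writer runs from a user-writable directory")
        findings.append({
            "source_pid": src, "target_pid": dst, "writes": rec["writes"],
            "process": rec["process"], "target": rec["target"],
            "reasons": reasons,
            "severity": "high" if len(reasons) >= 3 else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(EVENTS, TREE):
        print(f"{f['severity']}: {f['source_pid']} -> {f['target_pid']} "
              f"({f['writes']} writes into {f['target']})")
        for r in f["reasons"]:
            print("  -", r)
```

Run stand-alone it reports a single high-severity finding for 1888 -> 2684 and nothing for the control pair. The score is deliberately crude: the report does not record call order, so the rule keys on co-occurrence per pair rather than sequence, and the path checks stand in for a signature check that would need the binary on disk.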