Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 29/05/2024, 10:55
Static task static1: 1 signature
Behavioral task behavioral1: sample OnlinePianoPlayer.exe, resource win7-20240215-en, 4 signatures, 150 seconds
Behavioral task behavioral2: sample OnlinePianoPlayer.exe, resource win10v2004-20240426-en, 6 signatures, 150 seconds
General
Target: OnlinePianoPlayer.exe
Size: 1.3MB
MD5: 3fdb1806a526110f9c8eb6b7cbd2df9e
SHA1: f882436ec9ed64a0e16ae4a55246125c713abbd2
SHA256: 26e21db4dec9f074af4092c270f1ce178ccc7d6588196de232329504ffcc0201
SHA512: d1fa2e7e6bb51b6be9e76721f7fd0f3af3bc7683dd0bc106f6f13870ec167b9949f32c612bbb69c004372b96af542d37ea6e428c78592cf01a57535b0f7af56a
SSDEEP: 24576:/UNxvqF6FGYJf6yjNQpNONZNlTX5PlGPgquLEIWxUc7N11QaSYx7Gq9zXXXXmz0C:/UNxvC6FGYJf6yjNQpNONZnTX5PlGPgL
Score: 1/10
Malware Config: (empty)
Signatures (behavioral1, the Windows 7 run; pid 2232 is OnlinePianoPlayer.exe, pid 2180 is taskmgr.exe)
- Suspicious behavior: EnumeratesProcesses, 10 IoCs: all 10 from pid 2180 taskmgr.exe
- Suspicious use of AdjustPrivilegeToken, 1 IoC: Token: SeDebugPrivilege, pid 2180 taskmgr.exe
- Suspicious use of FindShellTrayWindow, 37 IoCs: 1 from pid 2232 OnlinePianoPlayer.exe, 36 from pid 2180 taskmgr.exe
- Suspicious use of SendNotifyMessage, 37 IoCs: 1 from pid 2232 OnlinePianoPlayer.exe, 36 from pid 2180 taskmgr.exe
Read per process, the sample itself accounts for only two events in total: one FindShellTrayWindow and one SendNotifyMessage call, both ordinary shell interactions (locating the taskbar window and posting a notification message) that benign GUI applications also trigger. The process enumeration and the SeDebugPrivilege token adjustment all belong to taskmgr.exe, the Windows Task Manager, which enables that privilege and enumerates processes as part of its normal operation. That split is consistent with the 1/10 score. The Windows 10 run (behavioral2, 6 signatures) is not reproduced on this page.
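The per-process attribution above can be made mechanical. The following Python is an added example, not part of the sandbox report or the sandbox vendor's tooling: it parses the flattened signature blocks into per-process counts and checks each parsed count against the declared IoC count, so a triager can see at once which process produced which behaviour. The REPORT string is the four signature blocks of this page, with the long repeated lists rebuilt from the page's own counts rather than pasted; the function and variable names are the example's own.

```python
"""Aggregate the per-signature IoC lists of a flattened sandbox report
into per-process counts and verify them against the declared totals."""
import re
from collections import Counter, defaultdict

# The four signature blocks of the report above. The repeated lists are
# rebuilt from the page's counts: one OnlinePianoPlayer.exe entry followed
# by 36 taskmgr.exe entries for each of the two 37-IoC signatures.
REPORT = "\n".join([
    "Suspicious behavior: EnumeratesProcesses 10 IoCs",
    "pid Process " + "2180 taskmgr.exe " * 10,
    "Suspicious use of AdjustPrivilegeToken 1 IoCs",
    "description pid Process Token: SeDebugPrivilege 2180 taskmgr.exe",
    "Suspicious use of FindShellTrayWindow 37 IoCs",
    "pid Process 2232 OnlinePianoPlayer.exe " + "2180 taskmgr.exe " * 36,
    "Suspicious use of SendNotifyMessage 37 IoCs",
    "pid Process 2232 OnlinePianoPlayer.exe " + "2180 taskmgr.exe " * 36,
])

# "<signature name> <n> IoCs" header line.
HEADER = re.compile(r"^(?P<name>.+?) (?P<count>\d+) IoCs$")
# One "<pid> <image>.exe" event inside a flattened IoC list.
EVENT = re.compile(r"\b(?P<pid>\d+) (?P<image>\S+\.exe)\b")
# Privilege named in an AdjustPrivilegeToken block ("Token: SeDebugPrivilege").
TOKEN = re.compile(r"Token: (?P<priv>\S+)")


def parse_signatures(text):
    """Return one record per signature: its name, the declared IoC count,
    a Counter of (pid, image) -> events, and any privilege tokens named."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    sigs = []
    i = 0
    while i < len(lines):
        m = HEADER.match(lines[i])
        if not m:  # not a header: skip stray text
            i += 1
            continue
        body = lines[i + 1] if i + 1 < len(lines) else ""
        events = Counter((e.group("pid"), e.group("image"))
                         for e in EVENT.finditer(body))
        sigs.append({
            "name": m.group("name"),
            "declared": int(m.group("count")),
            "events": events,
            "tokens": TOKEN.findall(body),
        })
        i += 2
    return sigs


def check_counts(sigs):
    """Signatures whose parsed event total disagrees with the declared count
    (a non-empty result means the page was truncated or mis-parsed)."""
    return [(s["name"], s["declared"], sum(s["events"].values()))
            for s in sigs if sum(s["events"].values()) != s["declared"]]


def per_process_summary(sigs):
    """image name -> Counter of signature name -> events attributed to it."""
    summary = defaultdict(Counter)
    for s in sigs:
        for (_pid, image), n in s["events"].items():
            summary[image][s["name"]] += n
    return dict(summary)


if __name__ == "__main__":
    sigs = parse_signatures(REPORT)
    for name, declared, parsed in check_counts(sigs):
        print(f"count mismatch: {name}: declared {declared}, parsed {parsed}")
    for image, counts in per_process_summary(sigs).items():
        print(image)
        for sig, n in counts.items():
            print(f"  {n:3d}  {sig}")
```

Run as a script it prints, per image, how many events each signature contributed; for this report OnlinePianoPlayer.exe shows one event under each of two signatures and taskmgr.exe the remaining 83. The count check is worth keeping for reports scraped from a page, since a truncated list would otherwise silently under-attribute.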
Processes (both at tree level 1, so neither is a child of the other)
C:\Users\Admin\AppData\Local\Temp\OnlinePianoPlayer.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\OnlinePianoPlayer.exe"
  PID: 2232
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
C:\Windows\system32\taskmgr.exe
  command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 2180
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage