Analysis
max time kernel: 149s
max time network: 119s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29-05-2024 14:07
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: 阿里巴巴集团招聘部分JD信息2024_修复版本v0.4-Talent.Alibaba-inc.exe
  Resource: win7-20240221-en (windows7-x64)
  4 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: 阿里巴巴集团招聘部分JD信息2024_修复版本v0.4-Talent.Alibaba-inc.exe
  Resource: win10v2004-20240426-en (windows10-2004-x64)
  0 signatures, 150 seconds
General
Target: 阿里巴巴集团招聘部分JD信息2024_修复版本v0.4-Talent.Alibaba-inc.exe (the Chinese part of the filename translates to "Alibaba Group recruitment, selected JD information 2024_fixed version v0.4")
Size: 13.0MB
MD5: 11161c5d673e111e61b8be366b6a1b26
SHA1: 233e2678f1b7f32ee973152a02b925bdc1b1f5c5
SHA256: e7acf5881bba4d7a0f86bc23c46e35f0600bc0aab9e01bde693cc9336341a597
SHA512: 15e1285476a308d20a5e023a10b6fe26a2f6c49d87206972b042a75e3a5bf3067765531c54e536c2a931d578bdf23504ebcab1a03e10c45c50005a8948b849bd
SSDEEP: 49152:dl6a+jY4evehRlL6HCeZdlubWoCZoxy33C3U7il5st/3Jz/Cl500:u0syX3r7il5sDqnP
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (38 IoCs)
  pid / Process: 1708 taskmgr.exe (38 occurrences)
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description / pid / Process: Token: SeDebugPrivilege, 1708 taskmgr.exe
Suspicious use of FindShellTrayWindow (50 IoCs)
  pid / Process: 1708 taskmgr.exe (50 occurrences)
Suspicious use of SendNotifyMessage (50 IoCs)
  pid / Process: 1708 taskmgr.exe (50 occurrences)
Processes
C:\Users\Admin\AppData\Local\Temp\阿里巴巴集团招聘部分JD信息2024_修复版本v0.4-Talent.Alibaba-inc.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\阿里巴巴集团招聘部分JD信息2024_修复版本v0.4-Talent.Alibaba-inc.exe"
  PID: 2780
C:\Windows\system32\taskmgr.exe
  command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 1708
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
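Every signature in this report is attributed to pid 1708 (taskmgr.exe), which sits at the top level of the process tree beside the sample's own process (pid 2780) rather than under it; the sample's process carries no signatures, and the Windows 10 task recorded none, which is consistent with the 1/10 score. Enumerating processes, enabling SeDebugPrivilege and locating the shell tray window are what Task Manager does in normal use, so these hits say nothing about the sample. The script below is an added example, not part of the sandbox report or the sandbox's own tooling: it transcribes the report's process list and signature rows as constructed data and attributes each signature's hits to the sample's process lineage or to an unrelated process. The page shows no parent pids, only that both processes are displayed at the top of the tree, so parent=None for both is an assumption derived from that layout.

```python
"""Attribute sandbox signature hits to the submitted sample's process lineage.

Added example; the process and signature data below are transcribed from the
report above, not produced by the sandbox. Parent pids are not shown on the
page, so parent=None for both processes is an assumption taken from the tree
layout (both displayed at the top level).
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]  # None = top-level process as displayed in the report


@dataclass(frozen=True)
class Signature:
    name: str
    hits: Tuple[Tuple[int, str], ...]  # one (pid, image) pair per IoC row


SAMPLE = "阿里巴巴集团招聘部分JD信息2024_修复版本v0.4-Talent.Alibaba-inc.exe"

# Constructed from the report's "Processes" section.
PROCESSES = [
    Process(2780, SAMPLE, '"C:\\Users\\Admin\\AppData\\Local\\Temp\\' + SAMPLE + '"', None),
    Process(1708, "taskmgr.exe", '"C:\\Windows\\system32\\taskmgr.exe" /4', None),
]

# Constructed from the report's "Signatures" section, with the IoC counts it lists.
SIGNATURES = [
    Signature("Suspicious behavior: EnumeratesProcesses", ((1708, "taskmgr.exe"),) * 38),
    Signature("Suspicious use of AdjustPrivilegeToken", ((1708, "taskmgr.exe"),)),
    Signature("Suspicious use of FindShellTrayWindow", ((1708, "taskmgr.exe"),) * 50),
    Signature("Suspicious use of SendNotifyMessage", ((1708, "taskmgr.exe"),) * 50),
]


def lineage(root_pid: int, processes: List[Process]) -> Set[int]:
    """root_pid plus every pid reachable from it through parent links."""
    children: Dict[Optional[int], List[int]] = {}
    for p in processes:
        children.setdefault(p.parent, []).append(p.pid)
    seen: Set[int] = set()
    stack = [root_pid]
    while stack:
        pid = stack.pop()
        if pid in seen:
            continue
        seen.add(pid)
        stack.extend(children.get(pid, []))
    return seen


def attribute(sample_pid: int, processes: List[Process],
              signatures: List[Signature]) -> Dict[str, Dict[str, Dict[str, int]]]:
    """For each signature, count hits inside the sample's lineage and outside it.

    Counter keys are "pid image" strings so the output names the process that
    actually triggered the signature.
    """
    tree = lineage(sample_pid, processes)
    result: Dict[str, Dict[str, Dict[str, int]]] = {}
    for sig in signatures:
        inside = Counter("%d %s" % h for h in sig.hits if h[0] in tree)
        outside = Counter("%d %s" % h for h in sig.hits if h[0] not in tree)
        result[sig.name] = {"sample_lineage": dict(inside), "other": dict(outside)}
    return result


def sample_attributable(sample_pid: int, processes: List[Process],
                        signatures: List[Signature]) -> List[str]:
    """Names of signatures with at least one hit inside the sample's lineage."""
    rep = attribute(sample_pid, processes, signatures)
    return [name for name, r in rep.items() if r["sample_lineage"]]


if __name__ == "__main__":
    for name, r in attribute(2780, PROCESSES, SIGNATURES).items():
        print(name, r)
    print("attributable to sample:", sample_attributable(2780, PROCESSES, SIGNATURES))
```

Run against the report's data, every signature lands in the "other" bucket under "1708 taskmgr.exe" and the attributable list is empty. The lineage walk matters when a report does carry parent links: if taskmgr.exe had been spawned by pid 2780, the same four signatures would be attributed to the sample.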