Analysis
- max time kernel: 141s
- max time network: 145s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 30/05/2024, 01:23
Static task: static1
Behavioral task: behavioral1
- Sample: a84ad7e4f0818c3ab031d398081d347a2d80fedde8e9729279e6823a90c0b901.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: a84ad7e4f0818c3ab031d398081d347a2d80fedde8e9729279e6823a90c0b901.exe
- Resource: win10v2004-20240426-en
General
- Target: a84ad7e4f0818c3ab031d398081d347a2d80fedde8e9729279e6823a90c0b901.exe
- Size: 2.3MB
- MD5: 2c658fcf4e390e27928e5c6534b91519
- SHA1: 1e2f9b8c0625ff662f3913088c601fdddc3b6597
- SHA256: a84ad7e4f0818c3ab031d398081d347a2d80fedde8e9729279e6823a90c0b901
- SHA512: 82b0e69ecd1ddbf38c9a994db6946038a72724ec69f6c79a9fcfdd891fd65b86725a6323613b2547336fc823dbbdc7f6ca07d60adb731cb064f112f955ef2dec
- SSDEEP: 49152:DGzEBnq3We4khPu1572ri9i5HMPyU7O4fX6UNijG6B8stZg:D+EBq3We4umZoMPyyv6UNMGGFt
Malware Config
Signatures
- Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutoRun = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a84ad7e4f0818c3ab031d398081d347a2d80fedde8e9729279e6823a90c0b901.exe"
  Process: a84ad7e4f0818c3ab031d398081d347a2d80fedde8e9729279e6823a90c0b901.exe
- Suspicious use of FindShellTrayWindow (7 IoCs)
  pid: 2008
  Process: a84ad7e4f0818c3ab031d398081d347a2d80fedde8e9729279e6823a90c0b901.exe
  (the same pid/process pair is reported for each of the 7 IoCs)
- Suspicious use of SendNotifyMessage (7 IoCs)
  pid: 2008
  Process: a84ad7e4f0818c3ab031d398081d347a2d80fedde8e9729279e6823a90c0b901.exe
  (the same pid/process pair is reported for each of the 7 IoCs)
Processes
- C:\Users\Admin\AppData\Local\Temp\a84ad7e4f0818c3ab031d398081d347a2d80fedde8e9729279e6823a90c0b901.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a84ad7e4f0818c3ab031d398081d347a2d80fedde8e9729279e6823a90c0b901.exe"
  Process tree level: 1
  - Adds Run key to start application
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID: 2008