Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 26-06-2024 08:55

Behavioral task: behavioral1
Sample: 4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
Resource: win7-20240221-en
5 signatures
150 seconds
General
Target: 4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
Size: 5.8MB
MD5: 84bec2889d12c078a49080c8c7209755
SHA1: 65474940fece0c564bb8c9d0e43058de3ee6be78
SHA256: 4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b
SHA512: d2c49562e5c5d402269dc6f8c04543135c11aa1afd7eee478b86a725800f7c2ef666ee74a0a8b9eedc1ee4a119a51c7ec4a252645f14ff96009d5a5fbef5251c
SSDEEP: 98304:XlGTBmm7uHdabHRl70nha4JwIRUvMY5qV6d52016z9/jbsXmj2YY6h2:VGBVkdWMha4SfvhqVS52u4JnsXmK
Malware Config
Signatures
-
yara_rule: upx
resource                                                                    yara_rule
behavioral1/memory/2864-45-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-55-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-65-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-63-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-61-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-59-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-57-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-53-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-51-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-49-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-47-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-44-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-40-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-43-0x0000000010000000-0x000000001003E000-memory.dmp  upx
behavioral1/memory/2864-42-0x0000000010000000-0x000000001003E000-memory.dmp  upx
-
yara_rule: vmprotect
resource                                                                    yara_rule
behavioral1/memory/2864-35-0x0000000000400000-0x0000000000E61000-memory.dmp  vmprotect
behavioral1/memory/2864-39-0x0000000000400000-0x0000000000E61000-memory.dmp  vmprotect
behavioral1/memory/2864-86-0x0000000000400000-0x0000000000E61000-memory.dmp  vmprotect
behavioral1/memory/2864-87-0x0000000000400000-0x0000000000E61000-memory.dmp  vmprotect
behavioral1/memory/2864-88-0x0000000000400000-0x0000000000E61000-memory.dmp  vmprotect
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid   Process
2864  4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
2864  4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
2864  4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
2864  4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
2864  4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
2864  4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
2864  4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
2864  4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
-
Suspicious use of SetWindowsHookEx 4 IoCs
pid   Process
2864  4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
2864  4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
2864  4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
2864  4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
Processes
-
Image: C:\Users\Admin\AppData\Local\Temp\4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\4bb5903a85140f18d5513dc4d76af82c4d7fb533a47b52ec80f03fcb8b028e6b.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID: 2864