Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
29/06/2024, 20:04
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Client.exe
Resource
win7-20240508-en
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
Client.exe
Resource
win10v2004-20240611-en
0 signatures
150 seconds
General
-
Target
Client.exe
-
Size
253KB
-
MD5
f7bea0ecab72f62723c2557d52dd56ed
-
SHA1
d1b0d1fd02c7192e03163de4dd66095a39b49076
-
SHA256
446f2ae338368abe954d2417fbd953c371a6e8787c2f2236a1b399fb55846e48
-
SHA512
1489bcffdcfe5ad147639d0eceb4242d6dd7095be9f1dfe89e80a6c1c46fee076c0f299e21addc75a526d6fe11c5a16c4ca403de10e8dfcfdaeec2af28a5c909
-
SSDEEP
6144:WHgnPV2KM6IN+Sq9e6VlWT8b9axsyqbk9Rbzock:yUlzPVle8P3QFoc
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 24 IoCs
pid Process 3016 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3016 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3016 taskmgr.exe -
Suspicious use of FindShellTrayWindow 51 IoCs
pid Process 3016 taskmgr.exe -
Suspicious use of SendNotifyMessage 50 IoCs
pid Process 3016 taskmgr.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Client.exe "C:\Users\Admin\AppData\Local\Temp\Client.exe" PID:2136
-
C:\Windows\system32\taskmgr.exe "C:\Windows\system32\taskmgr.exe" /4
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3016