Analysis
- max time kernel: 121s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 16-07-2024 13:16
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
  Sample: Sleflistuiq.exe
  Resource: win7-20240705-en (windows7-x64)
  3 signatures
  150 seconds
Behavioral task
- behavioral2
  Sample: Sleflistuiq.exe
  Resource: win10v2004-20240709-en (windows10-2004-x64)
  19 signatures
  150 seconds
General
- Target: Sleflistuiq.exe
- Size: 218KB
- MD5: 41dd4767d8c5f340b52cbc7258d45c08
- SHA1: 7b53ec2d4c693a24745af9710ff5ad1ddb60e8c6
- SHA256: 2720acefe611680845b583b7e060d6efeb172945ad7acba49f46ea22693a1f5e
- SHA512: 64c3de49e3176d1cf3469043160a7e90421aaa60897b47759478a7932ab5a575465e6c88b6349f1bc06d6a8f28c7582e284fd3ae3dede48274d90338fe8c0caf
- SSDEEP: 3072:XedQRhjdznZv+MjmRl9ZL4SD1L8G8YHTS3cerNaV7JUs8VhrMdUT5reUd6:uWRhL+Mjyv54CcYzSSYWUT5reU
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid: 3064, Process: Sleflistuiq.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description: Token: SeDebugPrivilege, pid: 3064, Process: Sleflistuiq.exe
-
Suspicious use of WriteProcessMemory 43 IoCs
Processes
- "C:\Users\Admin\AppData\Local\Temp\Sleflistuiq.exe" (PID: 3064)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" (PID: 2872)
  - "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" (PID: 2864)
  - "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" (PID: 2876)
  - "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" (PID: 2896)
  - "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" (PID: 2856)
  - "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" (PID: 2020)
  - "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" (PID: 2704)
  - "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" (PID: 2712)
  - "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" (PID: 2172)
  - "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" (PID: 2848)
  - C:\Windows\system32\WerFault.exe -u -p 3064 -s 1240 (PID: 2904)