Overview
overview
10Static
static
10c1be767404...8e.zip
windows7-x64
1c1be767404...8e.zip
windows10-2004-x64
100195a0548...01.exe
windows7-x64
1000195a0548...01.exe
windows10-2004-x64
10103494894d...b8.exe
windows7-x64
8103494894d...b8.exe
windows10-2004-x64
815e918d1df...c8.exe
windows7-x64
1015e918d1df...c8.exe
windows10-2004-x64
101adf26633c...96.exe
windows7-x64
101adf26633c...96.exe
windows10-2004-x64
725bbed4562...a9.exe
windows7-x64
1025bbed4562...a9.exe
windows10-2004-x64
1029b828a2d4...7b.exe
windows7-x64
1029b828a2d4...7b.exe
windows10-2004-x64
102f0d81e068...61.exe
windows7-x64
102f0d81e068...61.exe
windows10-2004-x64
10317ce86a4e...85.exe
windows7-x64
10317ce86a4e...85.exe
windows10-2004-x64
103c764ae83e...36.exe
windows7-x64
83c764ae83e...36.exe
windows10-2004-x64
840c918b435...1df.js
windows7-x64
340c918b435...1df.js
windows10-2004-x64
74963827ab4...5e.exe
windows7-x64
104963827ab4...5e.exe
windows10-2004-x64
1050d670fcdb...0d.exe
windows7-x64
750d670fcdb...0d.exe
windows10-2004-x64
1055911205ed...78.exe
windows7-x64
1055911205ed...78.exe
windows10-2004-x64
105a48f7ceeb...a3.exe
windows7-x64
105a48f7ceeb...a3.exe
windows10-2004-x64
106700ee6916...ce.exe
windows7-x64
106700ee6916...ce.exe
windows10-2004-x64
10Analysis
-
max time kernel
18s -
max time network
24s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
27/07/2024, 17:08
Behavioral task
behavioral1
Sample
c1be767404a3d71717a54b01ebfa91ebff578dad8dd518a1a49012bcf012738e.zip
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral2
Sample
c1be767404a3d71717a54b01ebfa91ebff578dad8dd518a1a49012bcf012738e.zip
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
00195a05484a91950f0c188ce6ac5f05b94123095bba2bdf0f184332bacd4201.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral4
Sample
00195a05484a91950f0c188ce6ac5f05b94123095bba2bdf0f184332bacd4201.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
103494894de51a19c77a06cf7a48e2d278cd7f768bd972c2fd34d557f619e1b8.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral6
Sample
103494894de51a19c77a06cf7a48e2d278cd7f768bd972c2fd34d557f619e1b8.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
15e918d1df17402cac720b75c85e81587d15ef620e89b639ad71085ce77ca8c8.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral8
Sample
15e918d1df17402cac720b75c85e81587d15ef620e89b639ad71085ce77ca8c8.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
1adf26633c17278c9b930529b164637a8942cbb1f3267afafec63b56de51dd96.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral10
Sample
1adf26633c17278c9b930529b164637a8942cbb1f3267afafec63b56de51dd96.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
25bbed456281ea6f37cb6b295ebd0d1764156e797b4f15e0dc1bbcd7342086a9.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
25bbed456281ea6f37cb6b295ebd0d1764156e797b4f15e0dc1bbcd7342086a9.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
29b828a2d4a02f4c3508e27714ceccea4e2d117dc0466671d334a6debd7a077b.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
29b828a2d4a02f4c3508e27714ceccea4e2d117dc0466671d334a6debd7a077b.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
2f0d81e068e18c1b7fe631d9342b33afd5bdad5bf3de39a28d6c6de30edbf661.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral16
Sample
2f0d81e068e18c1b7fe631d9342b33afd5bdad5bf3de39a28d6c6de30edbf661.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
317ce86a4e5783cbfa78be1ce5950fe287d810f34d834d859df0bf7496625985.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral18
Sample
317ce86a4e5783cbfa78be1ce5950fe287d810f34d834d859df0bf7496625985.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
3c764ae83eaaab36e7550ebd312d12daa8e41cd8bc2294eb3bdf4459dda73f36.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral20
Sample
3c764ae83eaaab36e7550ebd312d12daa8e41cd8bc2294eb3bdf4459dda73f36.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
40c918b435649c05c1f43a6f95c9bdb613726a86dfce987ea5ccd90ec2c911df.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral22
Sample
40c918b435649c05c1f43a6f95c9bdb613726a86dfce987ea5ccd90ec2c911df.js
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
4963827ab4881382f900255fa034f5c5f369cdc11d30863c69a04ed7f6abca5e.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral24
Sample
4963827ab4881382f900255fa034f5c5f369cdc11d30863c69a04ed7f6abca5e.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
50d670fcdb23752572ad966fef6e4b67e9d600a8ca0bfef4f58847eff69ed40d.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral26
Sample
50d670fcdb23752572ad966fef6e4b67e9d600a8ca0bfef4f58847eff69ed40d.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
55911205edcecf1a4337052e070334ad0dfb5b651cb980122a963b811aeda078.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral28
Sample
55911205edcecf1a4337052e070334ad0dfb5b651cb980122a963b811aeda078.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
5a48f7ceeb3a0ef874ee3247079ce780b39e8af328aaa8b1e91cfed4729969a3.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral30
Sample
5a48f7ceeb3a0ef874ee3247079ce780b39e8af328aaa8b1e91cfed4729969a3.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
6700ee6916de2b466bfba8efd9d0aaa71cf99252d3f95c570c366819a45ab2ce.exe
Resource
win7-20240708-en
windows7-x64
General
-
Target
c1be767404a3d71717a54b01ebfa91ebff578dad8dd518a1a49012bcf012738e.zip
-
Size
18.4MB
-
MD5
f4668d061e909155b6fac133b996454f
-
SHA1
f447f9f60c302e86396d0c6ee87a9d051ffdc663
-
SHA256
c1be767404a3d71717a54b01ebfa91ebff578dad8dd518a1a49012bcf012738e
-
SHA512
37b060d37792f1c6579e3f06a7f511048bbd03f683f42cfcb97974e606f83104f0415b391a2fcaedb8b27b8c5aca81392ff37790056e1b28242f244392626898
-
SSDEEP
393216:ajbiEohoCmIKjjw8t2Ilk1TZj4ASPRlZzXFAuU2ywpV:aqEfSKj/t2IqTN4xRlzAMyYV
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe -
Suspicious behavior: EnumeratesProcesses 15 IoCs
pid Process 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeDebugPrivilege 1476 taskmgr.exe Token: SeSystemProfilePrivilege 1476 taskmgr.exe Token: SeCreateGlobalPrivilege 1476 taskmgr.exe -
Suspicious use of FindShellTrayWindow 24 IoCs
pid Process 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe 1476 taskmgr.exe
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\c1be767404a3d71717a54b01ebfa91ebff578dad8dd518a1a49012bcf012738e.zip1⤵PID:1752
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1476